正解: D
Understanding the "Verify Evidence and Record Gaps" Activity in a CMMC Assessment During aCMMC Level 2 Assessment, theAssessment Teamfollows a structured methodology toverify evidenceand determine whether theOrganization Seeking Certification (OSC)has met all required practices.
One of the key activities in this process is"Verify Evidence and Record Gaps", which ensures that the assessment findings accurately reflect any missing or inadequate compliance evidence.
Step-by-Step Breakdown:
#1. Primary Intent: Identifying Gaps Between Required and Collected Evidence TheAssessment Teamcompares the evidence provided by the OSC against theCMMC practice requirements.
If evidence ismissing, insufficient, or inconsistent, assessors mustdocument the gapand describe what is lacking.
This ensures that compliance deficiencies are clearly identified, allowing the OSC to understand what must be corrected.
#2. How This Process Works in a CMMC Assessment
Assessorsreview collected documentation, system configurations, policies, and interview responses.
They verify that the evidencematches the expected implementationof a practice.
If gaps exist, they arerecordedfor discussion and potential remediation before assessment completion.
#3. Why the Other Answer Choices Are Incorrect:
(A) Map test and demonstration responses to CMMC practices.#
Incorrect:While mapping evidence to CMMC practices is part of the assessment, theprimary intentof the
"Verify Evidence and Record Gaps" step is toidentify deficiencies, not just mapping responses.
(B) Conduct interviews to test process implementation knowledge.#
Incorrect:Interviews are a method used during evidence collection, but they arenot the primary focusof the verification and gap analysis step.
(C) Determine the one-to-one relationship between a practice and an assessment object.# Incorrect:The assessment teamreviews multiple sources of evidencefor each practice, and some practices require multiple assessment objects. The goal isnot a strict one-to-one mappingbut rathera holistic validation of compliance.
Final Validation from CMMC Documentation:
CMMC評価プロセスガイドでは、「証拠の検証とギャップの記録」は、評価者が期待される証拠と提出された証拠を比較し、不一致を文書化するステップであると規定されています。これにより、評価結果と是正計画の透明性が確保されます。
したがって、正解は次のとおりです。
D) 評価チームが要求した内容と収集した証拠との間の相違点を特定し、説明する。