In the CMMC ecosystem, we have three main areas in support of Organizations Seeking Certification (OSCs): the consultants, the assessors, and the educators.

The educators and students have been hovering over the cybersecurity battlefield, waiting for CMMC 2.0 updates to arrive so the existing Certified CMMC Professional (CCP) courseware can be updated, approved, and put out into the CMMC community.

Why the long wait? Don’t we all know what is included in the CMMC 2.0 changes? Well, yes and no.

Yes, we know what model changes are important to incorporate. But no, we are not being told yet what other changes CMMC-AB will make in the updated learning objectives. We have new scoping and assessment guide documentation to consider, in addition to the model, and the depth in which the educators need to focus on those new documents will be prescribed with the updated CCP exam objectives. After all, even though we could teach everything we’ve been provided by CMMC-AB, it is important to target the areas that will be on the CCP exam.

This has put the Licensed Partner Publishers (LPPs) and Licensed Training Providers (LTPs) in an awkward position. And not for the first time. Development teams are standing by. Provisional Instructors are standing by. Potential students are standing by. We’re all standing by in anticipation of the resources we need to get a move on. Again. This is reminiscent of the first eight months of 2021; all too familiar to the educational community, and it is grossly straining the resources of the educators and potential pool of trained professionals.

Here’s the kicker, though! CCP enrollments should not be tapering in anticipation of the new curricula now, nor should they in the future if more changes are introduced in the model of CMMC. The content in the original CCP course is foundational knowledge, which expanded on NIST 800-171 as the premise for all practices. The Provisional Instructors are experienced in cybersecurity assessments, and their ability to demonstrate the original CMMC model information and introduce new CMMC 2.0 concepts is easy to grasp. And the students themselves confirm this – whether they are internal InfoSec/IT helping their OSC prepare; a Registered Practitioner (RP); a Managed Service Provider (MSP) seeking to get a leg up on the competition and add value to their consulting services; or a future CMMC assessor who is on the first step of their journey.The CCP students agree getting in early and staying connected throughout the changes in the CMMC Model with their CCP network of instructors and cohort students has been invaluable.

Individuals seeking more information on how to ready themselves for self-attestation or assessment under CMMC 2.0 are in for a journey, not a sprint. There’s no reason to hold off on gaining foundational knowledge and joining peer groups to explore the changes as they are introduced. We hope everyone in the CMMC ecosystem will consider the time lost waiting to become a CCP that could be focused now on actively engaging with your Provisional Instructors and CCP cohorts digesting all the changing CMMC documents and guidance as it is introduced.

We always say it – we’re all in this together! We are ready now to add talented, trained professionals to the CMMC ecosystem. Join us.


Joy is the CMMC Program Manager for Edwards Performance Solutions, delivering live training for all areas of CMMC, as well as an active participant of the Commercial Cybersecurity Assessment Team. Before joining Edwards, Joy served the MSP community as a cybersecurity education instructor, educating 3,000+ on cybersecurity fundamentals from 2019-2020. In addition to her facilitation experience, Joy owned a successful MSP in Los Angeles for 21 years.