Registered Practitioner Home

CMMC Registered Practitioner is abbreviated “CMMC RP”

The CMMC RP is a person who specializes in helping companies prepare for the CMMC.


The CMMC-AB website is the official source of information about the Registered Practitioner Program.

CMMC-AB Registered Practitioner Page

Nothing on this website is official. Go check the link above for official information.

Most RPs will specialize to address a specific client need

  • Managed Service Providers (MSPs) do hands-on configuration and management of client’s networks and computers
  • Migration specialists do hands-on projects to move clients to secure systems
  • Managed Security Service Providers (MSSPs) monitor client networks and respond to cybersecurity incidents
  • Cybersecurity specialists help write required documents (such as the system security plan) and help plan solutions
  • Process maturity specialists work with the company to make better policies, procedures, and work flows
  • Virtual CISOs work from the inside to develop strategic plans and determine priorities for security
  • Compliance specialists will perform “Gap Analysis” and give guidance on preparing for an official assessment

Here are the benefits of working with a CMMC Registered Practitioner

Those are the value adds for the client. Notice I didn’t say anything about cybersecurity ability or resume review or any other level of competency. Is an RP better than a non-RP? Some yes, some no. Depends on the person and their background.

Who is the typical Registered Practitioner?

Since higher levels of CMMC certification aren’t available yet, many professionals who want to become Certified Assessors (CA) have gone through the Registered Practitioner program while they wait. Many of these professionals specialize in compliance and cybersecurity (they are experienced in assessment work).

Once CA is available, I’m guessing that RPs will be mostly comprised of MSP, MSSP, and migration specialist staff. Hands-on practitioners that don’t need to participate in assessments.

What can you expect as a Registered Practitioner?

You can advertise your status

You can possibly join Provisional Assessment teams in 2021

You get training and background checked and listed in the marketplace as described in our Review of CMMC Registered Practitioner Training

Will you start getting tons of calls from clients?

The CMMC-AB Marketplace will probably not boost your career very much by itself. At least I haven’t heard of anyone being contacted just because they were listed as an RP. Maybe it will occur as the CMMC gets more popular.

I have heard that some cybersecurity consulting companies are requiring RP to be eligible for positions.


What have you heard? How is your experience as an RP going?

Recommended articles

Policy templates and tools for CMMC and 800-171

CMMC Scope – are you ready for an assessment?

How to read and start preparing for the CMMC

Leave a Reply

Your email address will not be published. Required fields are marked *