CMMC Registered Practitioner is abbreviated “CMMC RP”
The CMMC RP is a person who specializes in helping companies prepare for the CMMC.
The CMMC-AB website is the official source of information about the Registered Practitioner Program.
Most RPs will specialize to address a specific client need
- Managed Service Providers (MSPs) do hands-on configuration and management of client’s networks and computers
- Migration specialists do hands-on projects to move clients to secure systems
- Managed Security Service Providers (MSSPs) monitor client networks and respond to cybersecurity incidents
- Cybersecurity specialists help write required documents (such as the system security plan) and help plan solutions
- Process maturity specialists work with the company to make better policies, procedures, and work flows
- Virtual CISOs work from the inside to develop strategic plans and determine priorities for security
- Compliance specialists will perform “Gap Analysis” and give guidance on preparing for an official assessment
Here are the benefits of working with a CMMC Registered Practitioner
- The RP gets several hours of general training as described here: https://www.cmmcaudit.org/review-of-cmmc-registered-practitioner-training/
- The RP has to pass a simple background screen.
- The RP has to sign an ethics agreement: https://cmmcab.org/files/4208/
- And the CMMC-AB holds the right to yank their badge if they get a complaint about unethical practices.
Those are the value adds for the client. Notice I didn’t say anything about cybersecurity ability or resume review or any other level of competency. Is an RP better than a non-RP? Some yes, some no. Depends on the person and their background.
Who is the typical Registered Practitioner?
Since higher levels of CMMC certification aren’t available yet, many professionals who want to become Certified Assessors (CA) have gone through the Registered Practitioner program while they wait. Many of these professionals specialize in compliance and cybersecurity (they are experienced in assessment work).
Once CA is available, I’m guessing that RPs will be mostly comprised of MSP, MSSP, and migration specialist staff. Hands-on practitioners that don’t need to participate in assessments.
What can you expect as a Registered Practitioner?
You can advertise yourself using the Cyber-AB Marketplace, in exchange for paying a fee.
You get some web training about CMMC
Will you start getting tons of calls from clients?
The CMMC-AB Marketplace will probably not boost your career very much by itself. At least I haven’t heard of anyone being contacted just because they were listed as an RP. Maybe it will occur as the CMMC gets more popular.
I have heard that some cybersecurity consulting companies are requiring RP to be eligible for positions.
What have you heard? How is your experience as an RP going?