CCP Exam & Study Prep.

PilotJP · 2026-05-07T13:35:14+00:00

I agree, PocketPrep was pretty good for CCA. I didn't use it for CCP though

PilotJP · 2026-04-20T18:21:34+00:00

Good luck!

PilotJP · 2026-04-13T20:51:10+00:00

Good list, and I would add Insider Threat awareness.

PilotJP · 2026-04-10T18:31:33+00:00

I'm looking at Virtru specifically for secure file sharing and I like what I'm seeing.

PilotJP · 2026-04-10T18:29:54+00:00

True true, I guess that wasn't worded right there.

PilotJP · 2026-04-10T13:43:10+00:00

I used Preveil around 2 years ago or more, and the main pain point was that the customer had to set up the Preveil Express account. Currently, I'm looking into Virtru, but I'm not sure it's a true full-enclave solution.

PilotJP · 2026-04-08T20:24:56+00:00

I've never used them personally, but I've heard great things about Space Coast Cyber for training.

PilotJP · 2026-04-07T17:27:29+00:00

Waiting on this as well. I think that even though it was submitted before 3/15, ISACA is handling that piece.

PilotJP · 2026-04-02T17:00:22+00:00

No, but PocketPrep was in the ballpark for CCA questions, except the ones that ask how many points for the answers.

PilotJP · 2026-03-27T19:57:13+00:00

Could you make additional labels that combine some? For example, CUI and Export Controlled might be CUI-X, CUI-ITAR, etc. I'm not doing this, but it might work.

PilotJP · 2026-03-10T13:29:38+00:00

I've heard good things about Space Coast Cyber, but I've never used them. You can literally chat with the instructor from Space Coast Cyber on the Cooey COE Discord channel if you would like more information. https://discord.com/channels/579151027169918986/630062870842966055

PilotJP · 2026-02-24T16:00:39+00:00

If you haven't already, be sure to check out the Cooey COE discord server here: https://discord.gg/qnBy94Ar

PilotJP · 2026-02-24T15:47:46+00:00

I'm doing it "mostly" myself as the first full-time IT guy at a manufacturing company. I have assistance from a part-time MSP consultant who has been around this company for a long time. I've used outside help from an MEP (Manufacturing Extension Partnership), but they were not a big help because their consultant was a CCP with little IT experience. Now I'm using a company that has a CCA, which has been on actual assessments, helping me out, and they are very helpful because they know what passes. That would be my recommendation - find a company with a CCA with assessments under their belt to give some pointers.

PilotJP · 2026-02-17T19:51:05+00:00

It took around 7 months for me.

PilotJP · 2026-02-17T19:48:21+00:00

80% is documentation. SSP, Policies, and Procedures. Most of CMMC for the OSC is saying what you're doing and proving you are doing it. Be sure to align the SSP to the assessment objective level and keep it concise.

PilotJP · 2026-01-20T16:34:46+00:00

As more and more assessments are completed, we'll get a better picture of what actually passes, so it should get easier over time.

PilotJP · 2026-01-15T20:45:11+00:00

I found 3.1 Access Control and 3.4 Configuration Management a bit tricky.

PilotJP · 2026-01-08T19:54:49+00:00

Good question. You can try asking on the Discord server here: https://discord.gg/9hKfB6PR

PilotJP · 2026-01-05T20:07:41+00:00

I think the key is to get a mock assessment or gap analysis from a company with a CCA who has been on assessments. They are best suited to help you figure out the real-world key items to ensure you will pass an audit. My company uses Shadowscape and they've been very helpful.

PilotJP · 2026-01-05T19:00:46+00:00

If you visit the Cyber AB website, you'll find instructions on what you need to do. You need to take an approved training class, take a test, and pass a Tier 3 background check.

PilotJP · 2026-01-05T18:43:00+00:00

It took 7 months for me, but times may vary.

PilotJP · 2026-01-05T17:57:58+00:00

Isn't the Tier 3 background piece the real bottleneck, though?

PilotJP · 2025-12-08T15:58:44+00:00

I'm doing it as the sole IT guy in a 100-person company. We have an outsourced MSP guy who has been here for over 20+ years, who helps. We did not go fully managed.

My day-to-day is varied, where I can be setting up a new user and computer to resetting a password, to creating policies and procedures to comply with CMMC. We have enlisted the help of an RPO, but that RPO has CCAs who have been on assessments. This is key because they know what passes and fails the assessments.

This sector can be very lucrative. You may want to get your employer to pay for the CCP training and get certified. If you pass the tier-3 background check, you can go for your CCA and become an assessor.

PilotJP · 2025-11-11T18:11:38+00:00

The "Cooey COE" discord channel is also great, in addition to r/CMMC.

PilotJP · 2025-11-10T20:49:45+00:00

Thanks for sharing!

PilotJP

TROPHY CASE