

CCRMP Certification


Employers seek cloud risk management professionals who are job-ready to utilize the NIST Risk Management Framework (RMF) and FedRAMP, the de facto U.S. standards for cloud security risk management. FedRAMP employs the NIST RMF as the tool of choice and requires all Cloud Service Providers for the federal government to comply with FedRAMP, and thus the NIST RMF. Similarly, cloud risk management professionals seek a certification which validates they are job-ready to implement the NIST RMF and FedRAMP.

To meet the needs of employers and candidates, Mission Critical Institute (MCI) has launched the only performance-based NIST RMF certification, the Certified Cloud Risk Management Professional (CCRMP), to address:

  • Accelerating cybersecurity staffing shortages
  • Scarcity of “job-ready” NIST RMF/FedRAMP specialists
  • Need for performance-based certifications, as opposed to exam-based certifications

Benefits of the CCRMP

The benefits of earning the CCRMP include:

  • 100% hands-on—no exam
  • NIST RMF/FedRAMP virtual internship
  • Earn 15 graduate credits for your accredited cloud security MSIS or MBA
  • Validation you are NIST RMF/FedRAMP job-ready
  • Cyber career development support to help you find a top cyber job
  • NIST RMF/FedRAMP project experience employers seek
  • Recognition of curriculum by Department of Homeland Security
  • Pay increase potential even while earning your CCRMP


Industry Support for the CCRMP

The CCRMP was developed by cybersecurity risk management practitioners who have supported major employers in the public and private sectors including: DoD, FBI, Cisco, Booz Allen Hamilton, ITPG, Raytheon, FERC, DHS, and CACI.


CCRMP Common Body of Practice

CCRMP candidates demonstrate a mastery of the CCRMP Common Body of Practice by satisfactorily producing all deliverables required for implementing the NIST RMF.

The CCRMP Common Body of Practice includes the following seven competencies:

    1. Categorize the information system and the information processed, stored, and transmitted by that system
    2. Select an initial set of baseline security controls for the information system, based on the security categorization
    3. Implement selected security controls and describe how the controls are employed within the information system and its environment of operation
    4. Assess the security controls using appropriate assessment procedures to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcomes for meeting the system’s security requirements
    5. Authorize the information system operation, based on a determination of the risk and the decision that this risk is acceptable
    6. Monitor continuously the security controls in the information system


Demonstration of Competencies

To demonstrate mastery of the CCRMP Common Body of Practice (CBP), candidates must produce the deliverables described in Table 1 through an online university graduate program, sponsored by MCI.

TABLE 1: Deliverables Demonstrating Mastery of the CBP

| NIST RMF Step | NIST RMF Deliverables |
|---|---|
| 1 Categorize | Categorization 199 worksheet, draft SSP, system registration |
| 2 Select | SCTM, draft ISCM strategy, review and approve final SSP |
| 3 Implement | Updated SSP |
| 4 Assess | Security Controls Assessment Plan, Security Controls Assessment Report, POA&M (ISSO) |
| 5 Authorize | Risk Assessment Report, (Risk Executive function) prepare ATO package (ISSO), Authorization Decision/Determination Document (AO) |
| 6 Monitor | Implementation of ISCM strategy, decommissioning documentation |


Eligibility Requirements

To earn the CCRMP you must:

  • Possess a U.S. bachelor’s degree from an accredited university
  • Produce the NIST RMF deliverables for all six steps of the NIST RMF/FedRAMP
  • Be admitted to an MCI recognized cybersecurity online graduate program
  • Complete the required CCRMP preparation courses with a minimum 3.0 G.P.A.


Maintaining your CCRMP Certification

To maintain the CCRMP certification, you must:

  • Submit CCRMP annual membership fee
  • Meet the continuing professional education (CPE) requirements: 40 hours per year
  • Submit your cloud security career status report
