A CCSS Implementer (CCSSI) is focused on building and improving the system. They look at how key management is set up, where the gaps are, and what needs to change to meet CCSS requirements. That includes designing controls, putting processes in place, and making sure there’s enough documentation and evidence to support it. CCSSIs may be internal to an organization or brought in externally to support the implementation. In some cases, they are engaged to support the full implementation across all controls. In others, they may be brought in to assist with specific areas depending on the needs of the system.
A CCSS Auditor (CCSSA) determines the CCSS Trusted Environment and audits the system. They come in independently, review what’s in place, test how it works, and determine whether the requirements are actually met. CCCSSAs also perform peer reviews. In this case, a separate CCSSA Peer Reviewer (CCSSA-PR) reviews the redacted Report on Compliance to confirm the audit was done correctly, the evidence supports the conclusions, and the Standard was applied consistently.
For a list of certified professionals, please see our website:
Find an Implementer
Find an Auditor
Become an Implementer
Become an Auditor