Hey all, as part of the final rule, the DoD has detailed the new requirements for CCA certification. This includes a minimum of 1 year of audit experience:

1 or 3 year(s) audit or assessment experience (CCA, Lead CCA): The applicant participated on multiple assessments or audits in which the applicant’s role was to work on the team conducting the internal or external audits/assessments. These audits/assessments should be based on a compliance standard and include examining and verifying evidence of the internal or external customer.

I do not have any prior audit experience apart from working in internal audit as an intern for a couple of months. I'm currently transitioning from a pentesting role which I've worked for a couple of years, but our assessments weren't based on any compliance standard per se.

I'm just wondering if anyone has any suggestions on what I can do about this. It sounds like I would need to operate as a CCP for a year before I can become a CCA which is not ideal considering I was hoping to operate as a subcontractor.