The accreditation body also issued a draft document detailing the assessment process that third-party assessment organizations will need to follow once the final CMMC rule takes effect.