All DoD contractors and subcontractors with systems that process, transmit or store Controlled Unclassified Information (CUI) must be compliant with the Defense Federal Acquisition Regulation Supplement (DFARS) cybersecurity requirements. These are specified in the DFARS Interim Rule based on NIST SP 800-171, and separately in the Cybersecurity Maturity Model Certification (CMMC) Level 3. Both apply controls from NIST SP 800-53, the catalog that forms the basis of the highly rigorous Risk Management Framework (RMF) for DoD Federal internal systems. Given these common core components, and with BAI’s established leadership as the “go to” training and consulting experts on the Risk Management Framework (RMF), you can be confident that this training will provide you with the knowledge and skills you need to meet DFARS. True to our motto of “We ARE RMF!”, the “DFARS Compliance with CMMC/NIST SP 800-171” curriculum has been designed by RMF practitioners who can offer you the industry standard for getting through the process of control implementation and assessment! LEARNING OBJECTIVES: The DFARS Compliance with CMMC/NIST SP 800-171 Fundamentals class is intended to help participants gain foundational knowledge of the process and general information to begin the decision-making process. The learning objectives are designed so that participants will be able to: Identify who is impacted by the CMMC and NIST SP 800-171 Identify when the requirements will take effect Differentiate requirements for FARS and DFARS Understand how controls/practices apply to cybersecurity risk management principles Determine the potential impact of the newly released Interim Rule Apply DoD CUI Registry guidance to determine CUI requirements Relate NIST SP 800-171 controls to CMMC Process and Practice maturity levels Explain the current state of cybersecurity assessment as it relates to the CMMC and NIST SP 800-171 Policies Covered: NIST SP 800-171 NIST SP 800-53
To provide students with the knowledge necessary to comply with DFARS 7012 and eventually with the Cybersecurity Maturity Model Certification (CMMC).