• Online, Self-Paced
Course Description

Do you support the United States Department of Defense (DoD)? Have you heard about the security requirements from NIST 800-171 or the Cybersecurity Maturity Model Certification (CMMC), but don’t know where to start?

This course provides organizations in the Defense Industrial Base (DIB) a comprehensive overview of NIST 800-171 and CMMC so they can make informed decisions.

The majority of CMMC training is meant for assessors and consultants, but there aren’t many courses for small and medium businesses to help them understand the process - this course fills that gap.

Learning Objectives

  • Types of information
    • Federal Contract Information (FCI)
    • Controlled Unclassified Information (CUI)
    • Government's CUI program
  • NIST 800-171
    • NFO Controls
    • NIST 800-171A
    • Artifacts such as the system security plan (SSP) and POA&M
  • Contractual Requirements
    • FAR and DFARS
    • DFARS 252.204-7012 - Safeguarding Covered Defense Information and Cyber Incident
    • DFARS 252.204-7019 - Notice of NIST SP 800-171 DoD Assessment Requirements
    • DFARS 252.204-7020 - NIST SP 800-171 DoD Assessment Requirements
    • DFARS 252.204-7021 - CMMC Requirements
  • NIST 800-171 DoD Assessment Methodology
    • DoD's assessment methodology and how to calculate a NIST 800-171 SPRS score
  • FedRAMP
    • FedRAMP and how it relates to DFARS 7012
    • FedRAMP Marketplace
  • CMMC
    • CMMC levels 1, 2, and 3
    • CMMC timeline
    • CMMC asset types and scoping guidance
    • CMMC assessment guidance
    • Roles in the CMMC ecosystem such as the Cyber AB, CAICO, C3PAOs, RPOs, and more
    • What your next steps should be

Framework Connections