• Online, Self-Paced

Are you overwhelmed by CMMC? This course will save you WEEKS of research and set you up for success as you prepare for CMMC!

Jacob Hill has been leading the CMMC charge at a small business and created this course specifically for defense contractors. He developed this training as a one-stop solution to quickly get up to speed on CMMC!

NOTE: this course will be completely UPDATED based on the CMMC Program final rule in December 2024!

Who is this course for?

The course provides a comprehensive overview of the FAR and DFARS cyber contractual requirements, NIST 800-171, and CMMC!

This overview course is excellent for practitioners who need a solid understanding of CMMC.

Most CMMC training is geared towards assessors and consultants, but our CMMC Overview course focuses on defense contractors and others who need to understand CMMC! This course is ideal for organizations in the Defense Industrial Base (DIB) who need to comply with CMMC, and will give you the knowledge you need to make informed decisions.

For executives, managers and others who only need a high level understanding of CMMC, we recommend our CMMC Awareness Training(link is external)

Learning Objectives

  • Types of information
    • Federal Contract Information (FCI)
    • Controlled Unclassified Information (CUI)
    • Government's CUI program
  • NIST 800-171
    • NFO Controls
    • NIST 800-171A
    • Artifacts such as the system security plan (SSP) and POA&M
  • Contractual Requirements
    • FAR and DFARS
    • DFARS 252.204-7012 - Safeguarding Covered Defense Information and Cyber Incident
    • DFARS 252.204-7019 - Notice of NIST SP 800-171 DoD Assessment Requirements
    • DFARS 252.204-7020 - NIST SP 800-171 DoD Assessment Requirements
    • DFARS 252.204-7021 - CMMC Requirements
  • NIST 800-171 DoD Assessment Methodology
    • DoD's assessment methodology and how to calculate a NIST 800-171 SPRS score
  • FedRAMP
    • FedRAMP and how it relates to DFARS 7012
    • FedRAMP Marketplace
  • CMMC
    • CMMC levels 1, 2, and 3
    • CMMC timeline
    • CMMC asset types and scoping guidance
    • CMMC assessment guidance
    • CMMC implications for Managed Services Providers (MSPs)
    • Joint Surveillance Voluntary Assessments (JSVAs)
    • Roles in the CMMC ecosystem such as the Cyber AB, CAICO, C3PAOs, RPOs, and more
    • 5-step action plan

Framework Connections

The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):