• Online, Self-Paced
Course Description

Are you overwhelmed by CMMC? This course will save you WEEKS of research and set you up for success as you prepare for CMMC!

This course has been completely UPDATED based on the December 2023 CMMC Program proposed rule!

The course provides a comprehensive overview of the FAR and DFARS cyber contractual requirements, NIST 800-171, and CMMC!

This overview course is excellent for practitioners who need a solid understanding of CMMC. For executives, managers and others who only need a high level understanding of CMMC, we recommend our CMMC Awareness Training.

This course is ideal for organizations in the Defense Industrial Base (DIB) who need to comply with CMMC, and will give you the knowledge you need to make informed decisions.

Learning Objectives

  • Types of information
    • Federal Contract Information (FCI)
    • Controlled Unclassified Information (CUI)
    • Government's CUI program
  • NIST 800-171
    • NFO Controls
    • NIST 800-171A
    • Artifacts such as the system security plan (SSP) and POA&M
  • Contractual Requirements
    • FAR and DFARS
    • DFARS 252.204-7012 - Safeguarding Covered Defense Information and Cyber Incident
    • DFARS 252.204-7019 - Notice of NIST SP 800-171 DoD Assessment Requirements
    • DFARS 252.204-7020 - NIST SP 800-171 DoD Assessment Requirements
    • DFARS 252.204-7021 - CMMC Requirements
  • NIST 800-171 DoD Assessment Methodology
    • DoD's assessment methodology and how to calculate a NIST 800-171 SPRS score
  • FedRAMP
    • FedRAMP and how it relates to DFARS 7012
    • FedRAMP Marketplace
  • CMMC
    • CMMC levels 1, 2, and 3
    • CMMC timeline
    • CMMC asset types and scoping guidance
    • CMMC assessment guidance
    • CMMC implications for Managed Services Providers (MSPs)
    • Joint Surveillance Voluntary Assessments (JSVAs)
    • Roles in the CMMC ecosystem such as the Cyber AB, CAICO, C3PAOs, RPOs, and more
    • 5-step action plan

Framework Connections