The Cybersecurity Maturity Model Certification (CMMC), managed by the CMMC Accreditation Body (CMMC-AB), is a program through which an organization's cybersecurity program is measured by their initial and ongoing compliance with applicable cybersecurity practices as well as their integration of corresponding policies and plans into their overall business operations. By Fiscal Year 2026, all organizations providing products or services to the US DoD must obtain at least a Maturity Level 1 certification under this program.
This course prepares students for the CMMC-AB Certified Professional (CP) certification, which authorizes the holder to use the CMMC-AB Certified Professional logo, to participate as an assessment team member under the supervision of a Certified Assessor, and to be listed in the CMMC-AB Marketplace. The CP certification is also prerequisite for the other certifications (CA-1, CA-3, and CA-5).
Learning Objectives
- Identify risks within the federal supply chain and the established standards for managing them.
- Describe how the CMMC model ensures compliance with federal acquisitions regulation.
- Identify responsibilities of the CMMC Certified Professional, including appropriate ethics and behavior.
- Identify regulated information and establish the Certification and, Assessment scope boundaries for evaluating the systems that protect that regulated information.
- Evaluate OSC readiness and determine the objective evidence you intend to present to the assessor.
- Use the NIST 800-171A and CMMC Assessment Guide to assess objective evidence for processes and practices.
- Implement and evaluate practices required to meet CMMC maturity level 1.
- Implement and evaluate processes and practices required to meet CMMC maturity level 2.
- Implement and evaluate processes and practices required to meet CMMC maturity level 3.
- Identify processes and practices required to meet CMMC maturity levels 4 and 5.
- As a Certified Professional, work through the logistics of a CMMC assessment, including planning for and conducting the assessment, as well as any follow-up processes, such as remediation and adjudication.
- Perform the role of a Certified Professional.
Framework Connections
The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):
Specialty Areas
- Risk Management
- Legal Advice and Advocacy
Feedback
If you would like to provide feedback on this course, please e-mail the NICCS team at NICCS@hq.dhs.gov. Please keep in mind that NICCS does not own this course or accept payment for course entry. If you have questions related to the details of this course, such as cost, prerequisites, how to register, etc., please contact the course training provider directly. You can find course training provider contact information by following the link that says “Visit course page for more information...” on this page.