• Online, Instructor-Led

The Cybersecurity Maturity Model Certification (CMMC), managed by the CMMC Accreditation Body (CMMC-AB), is a program through which an organization's cybersecurity program is measured by their initial and ongoing compliance with applicable cybersecurity practices as well as their integration of corresponding policies and plans into their overall business operations. By Fiscal Year 2026, all organizations providing products or services to the US DoD must obtain at least a Maturity Level 1 certification under this program.

This course prepares students for the CMMC-AB Certified Professional (CP) certification, which authorizes the holder to use the CMMC-AB Certified Professional logo, to participate as an assessment team member under the supervision of a Certified Assessor, and to be listed in the CMMC-AB Marketplace. The CP certification is also prerequisite for the other certifications (CA-1, CA-3, and CA-5).

Learning Objectives

- Identify risks within the federal supply chain and the established standards for managing them.
- Describe how the CMMC model ensures compliance with federal acquisitions regulation.
- Identify responsibilities of the CMMC Certified Professional, including appropriate ethics and behavior.
- Identify regulated information and establish the Certification and, Assessment scope boundaries for evaluating the systems that protect that regulated information.
- Evaluate OSC readiness and determine the objective evidence you intend to present to the assessor.
- Use the NIST 800-171A and CMMC Assessment Guide to assess objective evidence for processes and practices.
- Implement and evaluate practices required to meet CMMC maturity level 1.
- Implement and evaluate processes and practices required to meet CMMC maturity level 2.
- Implement and evaluate processes and practices required to meet CMMC maturity level 3.
- Identify processes and practices required to meet CMMC maturity levels 4 and 5.
- As a Certified Professional, work through the logistics of a CMMC assessment, including planning for and conducting the assessment, as well as any follow-up processes, such as remediation and adjudication.
- Perform the role of a Certified Professional.

Framework Connections

The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):

Specialty Areas

  • Risk Management
  • Legal Advice and Advocacy

Specialty Areas have been removed from the NICE Framework. With the recent release of the new NICE Framework data, updates to courses are underway. Until this course can be updated, this historical information is provided to give better context as to how it can help you with your cybersecurity goals.

Feedback

If you would like to provide feedback for this course, please e-mail the NICCS SO at NICCS@hq.dhs.gov.