Overview

The Cybersecurity Maturity Model Certification (CMMC), managed by The Cyber AB (formerly known as the CMMC Accreditation Body or the CMMC-AB), is a program through which an organization's cybersecurity program maturity is measured by their initial and ongoing compliance with applicable cybersecurity practices, as well as their integration of corresponding policies and plans into their overall business operations. Once rule-making has concluded and CMMC 2.0 has been implemented, all organizations providing products or services to the United States Department of Defense (DoD) must comply with the requirements of their applicable CMMC Level. This course provides a complete review of the key elements of this important program.

Important: This curriculum product is not considered CMMC-AB Approved Training Material (CATM). Although it contains the same information covered in the CCP training materials, this course is not intended as certification preparation and does not qualify students to sit for the CMMC CP certification exam.

Read more +

Prerequisites

No prequisites.

This course provides an immersive learning experience for business and technical professionals who need a thorough understanding of the CMMC program. It does this by taking the point of view of a CMMC Certified Professional. Students might consider taking this course to learn more about the overall CMMC program, how DoD contractors are assessed, and how to help their organizations prepare for a CMMC Assessment.

Read more +

Delegates will learn how to

In this course, you will learn about the CMMC Model, framework, context, and application within the DoD, as well as the expectations and requirements imposed upon organizations that do business with the DoD.

You will:

  • Identify the threats to the Defense Supply Chain and the established regulations and standards for managing the risk.
  • Identify the sensitive information that needs to be protected within the Defense Supply Chain and how to manage it.
  • Describe how the CMMC Model ensures compliance with federal acquisitions regulations.
  • Identify responsibilities of the Certified CMMC Professional, including appropriate ethical behavior.
  • Establish the Certification and Assessment scope boundaries for evaluating the systems that protect regulated information.
  • Prepare the OSC for an Assessment by evaluating readiness.
  • Use the CMMC Assessment Guides to determine and assess the Evidence for practices.
  • Implement and evaluate practices required to meet CMMC Level 1.
  • Identify the practices required to meet CMMC Level 2.
  • Work through the CMMC Assessment process.

Read more +

Outline

Module 1: Managing Risk within the Defense Supply Chain

  • Identify Threats to the Defense Supply Chain
  • Identify Regulatory Responses against Threats

Module 2: Handling Sensitive Information

  • Identify Sensitive Information
  • Manage the Sensitive Information

Module 3: Ensuring Compliance through CMMC

  • Describe the CMMC Model Architecture
  • Define the CMMC Program and Its Ecosystem
  • Define Self-Assessments

Module 4: Performing CCP Responsibilities

  • Identify Responsibilities of the CCP
  • Demonstrate Appropriate Ethics and Behavior

Module 5: Scoping Certification and Assessment Boundaries

  • Use the CMMC Assessment Scope Documentation
  • Get Oriented to the OSC Environment
  • Determine How Sensitive Information Moves
  • Identify Systems in Scope
  • Limit Scope

Module 6: Preparing the OSC

  • Foster a Mature Cybersecurity Culture
  • Evaluate Readiness

Module 7: Determining and Assessing Evidence

  • Determine Evidence
  • Assess the Practices Using the CMMC Assessment Guides

Module 8: Implementing and Evaluating Level 1

  • Identify CMMC Level 1 Domains and Practices
  • Perform a CMMC Level 1 Gap Analysis
  • Assess CMMC Level 1 Practices

Module 9: Identifying Level 2 Practices

  • Identify CMMC Level 2 Practices

Module 10: Working through an Assessment

  • Identify Assessment Roles and Responsibilities
  • Plan and Prepare the Assessment
  • Conduct the Assessment
  • Report the Assessment Results
  • Conduct the CMMC POA&M Close-Out Assessment

Appendix A: Evidence Collection Approach for CMMC Level 1 Practices

Appendix B: Additional Documentation for CCPs

Read more +

QA is proud to be an authorised CertNexus partner.

Cyber Security learning paths

Want to boost your career in cyber security? Click on the roles below to see QA's learning pathways, specially designed to give you the skills to succeed.

= Required
= Certification
AI Security
Application Security
Cyber Blue Team
Cybersecurity Maturity Model Certification (CMMC)
Cloud Security
Continuity & Resilience
DFIR Digital Forensics & Incident Response
Industrial Controls & OT Security
Information Security Management
NIST Pathway
Offensive Security
Privacy Professional
Reverse Engineer
Secure Coding
Security Auditor
Security Architect
Security Risk
Security Tech Generalist
Vulnerability Assessment & Penetration Testing