CMMC Overview Training for Small and Medium Businesses (SMB)
Do you support the United States Department of Defense (DoD)? Have you heard about security requirements from NIST 800-171 or the Cybersecurity Maturity Model Certification (CMMC), but don’t know where to start? Then this online CMMC overview training is for YOU!
The majority of CMMC training is meant for assessors and consultants, but there aren’t many courses for small and medium businesses to help them understand the process.
Jacob Hill created this CMMC overview course with SMBs in mind. Jacob has been leading a small business towards NIST 800-171 compliance and ultimately CMMC certification since 2018.
What is CMMC?
CMMC is a cybersecurity compliance and certification framework which DoD created to gain assurance that its supporting contractors are implementing the 110 requirements to protect its controlled unclassified information (CUI). Nearly all DoD contractors will need to be CMMC compliant or certified to work for DoD.
CMMC requirements should begin to appear in contracts in May of 2023.
What is NIST 800-171?
The majority of CMMC’s requirements are based on NIST 800-171, “Protecting CUI in Nonfederal Systems and Organizations.” Most contractors are ALREADY required to comply with NIST 800-171 per DFARS 252.204-7012, and have been required to comply since December of 2017.
Are you compliant? If not, do you know what steps you need to take?
What Companies need to be CMMC Certified?
All businesses will be required to implement CMMC. CMMC consists of 3 levels, and the requirements vary per level:
- CMMC Level 1
  - Implement 17 CMMC practices
  - Required for contracts with federal contract information (FCI)
  - Contractor is required to perform a self-assessment – no 3rd-party assessment is required
- CMMC Level 2
  - Implement 110 CMMC practices
  - Required for contracts with CUI
  - Nearly all contracts will require a 3rd-party assessment by a C3PAO resulting in CMMC certification
- CMMC Level 3
  - Implement 110+ CMMC practices
  - Required for DoD’s most critical CUI programs
  - All contracts will require a 3rd-party assessment by DIBCAC resulting in CMMC certification
Who is this course for?
This course provides an overview of NIST 800-171 and CMMC. It is delivered in a bottom-line-up-front format and can benefit leadership and practitioners; however, it is not “in the weeds” of the controls and how to comply with them.
Arm yourself with the knowledge you need to successfully navigate the NIST 800-171 and CMMC processes. Don’t let your business fail because you didn’t achieve compliance or certification.
Thank you to the following subject matter experts who peer reviewed this course:
- Koren Wise | Certified CMMC Professional, CMMC Provisional Instructor, CMMC Provisional Assessor Candidate, CMMC Licensed Training Provider, CISSP, PMP
- Paul Veeneman | CMMC Registered Practitioner, CISSP, CISM, CRISC
This course is up to date with CMMC 2.0! CMMC is an evolving topic, and as new information becomes available, this course will be updated.
* Note that this course is not affiliated with the DoD, the CyberAB (formerly known as the CMMC Accreditation Body), or the Cybersecurity Assessor and Instructor Certification Organization (CAICO).
What Will You Learn?
- What is Federal Contract Information (FCI)
- What is Controlled Unclassified Information (CUI)
- The history of NIST 800-171 & CMMC and what it means to you
- What DFARS 252.204-7012, 7019, 7020, and 7021 mean to you
- How to comply with NIST 800-171
- The 110 NIST 800-171 security requirements
- How to calculate a NIST 800-171 score per the DoD assessment methodology
- How NIST 800-171 relates to CMMC
- When CMMC will be required
- The 110+ CMMC practices
- The 3 levels of CMMC
- Which CMMC levels require self-assessment & 3rd-party assessment
- Roles in the CMMC assessment ecosystem
- How to scope for CMMC
- How to prepare for a CMMC assessment
- How do I get CMMC certified
- Next steps
Types of Information
What is Federal Contract Information (FCI) (01:35)
What is Controlled Unclassified Information (CUI) (04:38)
What is Covered Defense Information (CDI) (05:01)
Types of Information Quiz
NIST 800-171 Overview
NIST 800-171 Overview (04:37)
NIST 800-171 Security Controls Review (05:14)
NIST 800-171 NFO Controls (09:14)
NIST 800-171A Review (04:57)
Systems Security Plan (SSP) (04:32)
NIST 800-171 Overview Quiz
NIST 800-171 DFARS Clauses
FAR & DFARS Overview (03:15)
DFARS 252.204-7012 – Safeguarding Covered Defense Information and Cyber Incident (04:43)
DFARS 252.204-7019 – Notice of NIST SP 800-171 DoD Assessment Requirements (03:24)
DFARS 252.204-7020 – NIST SP 800-171 DoD Assessment Requirements (06:10)
NIST 800-171 DFARS Clauses Quiz
NIST 800-171 DoD Assessment Methodology
DoD Assessment Methodology Overview (03:56)
NIST 800-171 DoD Assessment Methodology Quiz
CMMC 2.0 Overview (01:41)
DFARS 252.204-7021 – CMMC Requirements (03:59)
Differences Between CMMC 1.0 and 2.0 (04:01)
CMMC Level 1 (04:01)
CMMC Level 3 (02:47)
CMMC Overview Quiz
CMMC Scoping Guides
CMMC Asset Types (10:28)
Out of Scope Assets Separation Techniques (02:39)
CMMC Scoping Guidance Quiz
CMMC Assessment Guides
CMMC Assessment Guidance (06:18)
CMMC Assessment Guide Quiz
CMMC Ecosystem Roles
CMMC Consultants – RPs, RPAs, and RPOs (01:57)
CMMC Assessors – CCPs, CCAs, and C3PAOs (03:46)
Cyber AB Marketplace (01:50)
CMMC Ecosystem Quiz
Step 1 – Determine CMMC Level (03:31)
Step 2 – Technical Design & CMMC Scope (07:36)
Step 3 – Implement & Document (07:00)
Step 4 – Assessment (01:44)
Step 5 – Monitor (01:27)
CMMC Action Plan Quiz
Student Ratings & Reviews
The website (https://lnkd.in/gTxhF9UP) has a ton of valuable information I refer back to often! Check it out! Thanks again Jacob! Well done!
This was my first foray into CMMC; it was interesting how there was some overlap from my previous experience as a Contracting Officer's Representative. Putting together contract documents like a SOW or requirements documentation means a bit more than simply copy-pasta clauses that you might not fully understand. If you are a Contracting Officer, COR about to start work on a new contract, or a business owner looking to bid on DoD contract work, take the time and go through the course.
As a business, you really need to start digging into the CMMC levels and the requirements to obtain each. There is a considerable amount of CMMC requirements to go from level 1 to levels 2 and 3.
The course had me thinking about follow on training from GRC Academy. Jacob's presentation style is in my wheelhouse. Little bits of humor and personal experiences kept me engaged. I love his upbeat presentation style as well. His intros for each video always made me smile.
Sincere kudos and much appreciation, Jacob.
I recommend this course for anyone looking to gain a better understanding of CMMC and its implementation.
If you have never heard of CMMC or are considering the certification, this is a great foundational course to familiarize yourself with it. Look no further!
Thank you GRC Academy and Jacob Hill. I look forward to exploring future courses.
Each module is short enough to provide you the needed information. The quiz at the end of each module reinforces learning that some constructive learning took place. If I needed a refresher of the CMMC foundations, this course with continual updates could provide that needed content.
Huge ‘Thank You’ to GRC Academy and Jacob Hill (CISSP-ISSEP, CEH, ITIL) for putting together such an informative, engaging and comprehensible course that had the right balance of material, case studies, quizzes and personality!
I highly recommend this training for anyone wanting to learn more about security requirements, NIST 800-171 and the CMMC – nearly all DoD contracts will require CMMC so don’t get left behind!
The structure of the course is solid. The concepts start broad and proceed to be specific in focus as the learner dives deeper into the understanding of CMMC. The course is easy to navigate with accessibility features. I thoroughly enjoyed learning about CMMC from GRC Academy and look forward to additional courses in the future.
I appreciated the real-world examples and case studies used to reinforce the concepts being taught. Jacob Hill is a knowledgeable and engaging instructor who truly cares about his students' understanding of the material.
The course exceeded my expectations and I would highly recommend it to anyone looking to gain a thorough understanding of these critical security standards. Even if your organization doesn't pursue certification, this is a great framework to implement controls to help protect your organization.
Overall, I am extremely grateful for the opportunity to take this course through GRC Academy and I believe that the knowledge and skills I gained will be invaluable in my future endeavors.
In addition to this course the website has been a GREAT Resource as I navigate these waters. Nice Job Jacob and can't wait to see what is next!!!!
The curriculum is structured into sections that build with each session and form the foundation that is referenced throughout subsequent modules within the course.
The course tempo and delivery suits the novice to intermediate stakeholder and decision-maker, effective for a variety of roles within any organization, and seeks to provide personnel the understanding of CMMC and what safeguarding Controlled Unclassified Information (CUI) means to the organization.
The course is structured, easy to understand and follow. It is easy to digest for anyone taking the course. Regardless of your position in an organization, it is a course for someone to learn from and become more knowledgeable than he/she was before. Education, training, and awareness are assets.