(45 Ratings)

CMMC Overview Training

Categories: CMMC, NIST 800-171
Wishlist Share
Share Course
Page Link
Share On Social Media

About Course

Do you support the United States Department of Defense (DoD)? Have you heard about security requirements from NIST 800-171 or the Cybersecurity Maturity Model Certification (CMMC), but don’t know where to start? Then this online CMMC overview course is for YOU!

Who is course this for?

The majority of CMMC training is meant for assessors and consultants, but there aren’t many courses for organizations who need to understand the process.

This course provides a comprehensive overview of the DFARS cyber contractual requirements, NIST 800-171, and CMMC. It is ideal for organizations in the Defense Industrial Base (DIB) who need to comply with CMMC, as well as government personnel who manage DoD contracts and contractors – the course is also available for sale to government on GSA Advantage.

The course is delivered in a bottom-line-up-front format and can benefit both leadership and practitioners, however, it does not go “into the weeds” of the security controls and strategies to comply with them.

Jacob Hill has been leading a small business towards NIST 800-171 compliance and ultimately CMMC certification for several years, and he understands the struggles small and medium businesses (SMBs) face.

This course is up to date with CMMC 2.0 (will soon be updated based on CMMC 2.1)! CMMC is an evolving topic, and the course will be updated as new information becomes available.

Enroll Now

What is CMMC?

CMMC is a cybersecurity compliance and certification program which DoD created that is focused on gaining assurance that its supporting contractors are implementing the 110 requirements to protect its controlled unclassified information (CUI). Nearly all DoD contractors will need to be CMMC compliant or certified to be able to do business with the DoD.

CMMC requirements should begin to appear in contracts in late 2024.

What is NIST 800-171?

The majority of CMMC’s requirements are based on NIST 800-171, “Protecting CUI in Nonfederal Systems and Organizations.” Most contractors are ALREADY required to comply with NIST 800-171 per DFARS 252.204-7012, and have been required to comply since December of 2017.

Are you compliant? If not, do you know what steps you need to take?

What Companies need to be CMMC Certified?

Nearly all DoD contractors will be required to comply with CMMC in some manner. CMMC consists of 3 levels, and the requirements vary per level:

  • CMMC Level 1
    • Implement 15 CMMC controls
    • Required for contracts with federal contract information (FCI)
    • Contractor is required to perform a self-assessment – no 3rd-party assessment is required
  • CMMC Level 2
    • Implement 110 CMMC controls
    • Required for contracts with CUI
    • Nearly all contracts will require a 3rd-party assessment by a C3PAO resulting in CMMC certification
  • CMMC Level 3
    • Implement 24 additional CMMC controls
    • Required for DoD’s most critical CUI programs
    • All contracts will require a 3rd-party assessment by DIBCAC resulting in CMMC certification

Enroll Now

Arm yourself with the knowledge you need to know to successfully navigate NIST 800-171’s and CMMC’s processes. Don’t let your business fail because you didn’t achieve compliance or certification.

Peer Reviewers

Thank you to the following subject matter experts who peer reviewed this course:

Closing Thoughts

*  Note that this course is not affiliated with the DoD, the CyberAB (also known as the CMMC Accreditation Body), or the Cybersecurity Assessor and Instructor Certification Organization (CAICO).

Enroll Now
Show More

What Will You Learn?

  • What is Federal Contract Information (FCI)
  • What is Controlled Unclassified Information (CUI)
  • The history of NIST 800-171 & CMMC and what it means to you
  • What DFARS 252.204-7012, 7019, 7020, and 7021 mean to you
  • How to comply with NIST 800-171
  • The 110 NIST 800-171 security requirements
  • How to calculate a NIST 800-171 score per the DoD assessment methodology
  • How NIST 800-171 relates to CMMC
  • When CMMC will be required
  • The 110+ CMMC practices
  • The 3 levels of CMMC
  • Which CMMC levels require self-assessment & 3rd-party assessment
  • Roles in the CMMC assessment ecosystem
  • How to scope for CMMC
  • How to prepare for a CMMC assessment
  • How do I get CMMC certified
  • Next steps

Course Content


Types of Information
Learn about the types of information that are pertinent to NIST 800-171 and CMMC.

NIST 800-171 Overview
Learn about NIST 800-171, NFO controls, assessment procedures, and the SSP and POA&M.

NIST 800-171 DFARS Clauses
Learn what the purpose of the FAR and DFARS is and what is contained within the DFARS clauses which pertain to cybersecurity requirements for protecting CUI on nonfederal systems.

NIST 800-171 DoD Assessment Methodology
Learn how to calculate NIST 800-171 SPRS scores in accordance with the DoD Assessment Methodology.

Learn about FedRAMP, how it relates to DFARS 252.204-7012, and how to use the FedRAMP Marketplace.

CMMC Overview
Learn about CMMC, when it will be required, what is contained in DFARS 252.204-7021, and its 3 levels.

CMMC Scoping Guides
Learn how to scope assets in your organization by understanding the CMMC asset types and the requirements for each.

CMMC Assessment Guides
Learn about the DoD's assessment guidance and who is responsible for conducting assessments for CMMC levels 1 - 3.

CMMC Ecosystem Roles
Learn about the roles in the CMMC ecosystem.

Action Plan
Actionable steps to achieve CMMC compliance or certification.

Closing Thoughts

Student Ratings & Reviews

Total 45 Ratings
45 Ratings
0 Rating
0 Rating
0 Rating
0 Rating
5 days ago
Excellent course! Jacob does a terrific job at breaking down the key concepts of CMMC. Highly recommended!
1 week ago
Greetings, everyone! This course is an absolute must-have for anyone who is looking to navigate the complex twists and turns of the CMMC and other Government Standards. Jacob is extremely thorough in his presentation, and the fact that he personally provides you with instruction is a major, major benefit. His expertise shines through in every video, and when you take the quizzes at the end of the sections, you'll be pleasantly surprised at how much new knowledge you've retained. My team considers GRC Academy to be The Definitive Course for anyone seeking CMMC and other Government Requirements training. GRC Academy doesn't cut corners, and you'll see that right away. The training moves at a great pace without wasting time, and it repeats information enough for you to retain it with clarity. It's an extremely reasonable investment to get you months or years ahead on knowledge that would have otherwise been scattered all over the map. I estimate that Jacob's course, materials, and quizzes, have saved me over 10 weeks of research and grinding out details.
1 week ago
This was the most indepth training that will make you fully understand what a CMMC certification means. I recommend GRC Academy for anyone looking to learn more about CMMC, FedRamp, and NIST 800-171, especially with Businesses that deal with DOD contracts. Easy to listen to and understand the information being taught. This is a fantastic Or who want to learn about ways to make their digital assets secure.
3 weeks ago
The CMMC Overview Training course was thoughtfully and expertly put together by Jacob Hill and the GRC Academy team! A truly outstanding and highly professional production! I appreciate the holistic approach, starting with the "why" of CMMC and its interconnection and history with various rules and regulations. As a life-long learner and cybersecurity professional, I'm glad to have discovered this course. I highly recommend it to anyone wanting to learn about CMMC!
3 weeks ago
Jacob Hill does an excellent job of breaking down CMMC along with NIST 800 171 for all levels. I would recommend this course to anyone wanting to learn or get a refresher on the coming CMMC certification and what is the best path forward for their company for certification.
3 weeks ago
Great content and wonderful timing! Just started my transition out of the military and Jacob Hill offered this course free to Veterans. Currently in Skillbridge, I am involved in a project focused on CMMC and this course enabled me to get a full overview in just a few hours. I highly recommend this course. Thank you, Jacob!
3 weeks ago
Completed GRC Academy's CMMC Overview Training course last night. Overall, the course provides a great overview of what CUI is and how applicable DFARS clauses play into each other. Don't let the advertised audiance (SMBs) fool you though. Although the course is geared towards SMBs, mid and executive level professionals within large corporations who deal with DoD contracting could benefit from the course as well.

I would recommend this course for those wanting to learn more about CMMC/DFARS/NIST/CUI. Perhaps the course could also be beneficial for those studying for CCP as a review (my case [we will see]). Overall solid information is presented in this fairly short course Great job in educating the masses on this complex subject.
3 weeks ago
After beginning to familiarize myself with NIST 800-171, and conducting a few independent assessments in my professional career, this course was fantastic to gather a solid overview and foundational level of knowledge to supplement the reading I was doing.

As the 171 versions continue to change with version numbers, I hope the content of this course evolves with it, or supplements are offered to provide an overview in a course format such as this to understand the most recent versions of all CMMC related requirements and frameworks.

Anyone interested in expanding their current knowledge of CMMC, or gaining a solid foundation, highly recommend this course!
4 weeks ago
I enrolled in this course with a decade of military experience but no prior knowledge of the Cybersecurity Maturity Model Certification (CMMC). The study was a game-changer for me. It was structured to leverage my military background, making the complex concepts of cyber hygiene and security levels accessible and relatable. The instructor was knowledgeable and adept at connecting the dots between military operations and cyber defense mechanisms, which I found immensely valuable. The practical exercises were particularly impactful, allowing me to apply theoretical knowledge in a simulated environment resembling real-world scenarios. By the end of the course, I gained a robust understanding of CMMC and felt equipped to integrate these practices into my current role. The resources provided were top-notch, and the support network of fellow course participants has become an invaluable asset to my professional network. This course is a must for any military personnel transitioning into a cybersecurity role—it gets a resounding five stars from me.
2 months ago
This is the course I wish I'd had as a Contracting Officer's Representative (COR) five years ago while I was working two large critical Government wide contracts with large financial institutions as they went the documentation, asset inventory, assessment, POA&M process, monitoring, and incident reporting. This course is the PERFECT breakdown of the topic! BRAVO to Jacob Hill and GRC Academy for pulling difficult material together in a methodical, comprehensive, and easy to follow manner. I am sending the link for this course to my former Government counterparts and clients in need of a straight-forward resource with links to source documents.
2 months ago
Great content! This broke down a lot of critical information about the requirements for CMMC which is just what I was looking for.

This course really connects the different compliance requirements to the government policies in a clear and easily understandable way.

Hopefully as CMMC 2.0 implementation become closer to implementation we can see some template documents for the Scope document and the Self-Assessment report.
2 months ago
Excellent course and great content! Will definitely take more courses on GRC Academy. This course brought new light to CMMC compliance and was very helpful.
3 months ago
I absolutely enjoyed the CMMC Overview Training.
The information (videos) is current, and it's broken down to small chunks which prevents the student from losing interest. The order in which information is presented is logical and makes it easy to understand and remember.
I appreciated the end of chapter Quizes which showed me my weaknesses so I could go back and review the material.
Another amazing feature of the course that in each chapter there are links provided to the official government resources related to the discussed material.
Overall great course and I highly recommend it to anyone to get familiar or refresh their CMMC and NIST 800-171 knowledge.
3 months ago
Excellent course for anyone looking to learn more about CMMC or NIST 800-171!

Each topic is logically broken down into bite-size videos, and I found my self practically glued to my notepad writing down all the valuable information.

This area has a lot of interconnected information originating from various published documents (NIST, FAR, DFAR, CMMC) that could easily be overwhelming or even overlooked by someone just entering this DoD compliance space. Every video section did a great job explaining the referenced documents, how they applied, and included links to each document on resource.

Not only do you walk away with new knowledge towards CMMC, but this course also provides a plan of action to start assist you and your organization with beginning this compliance journey on a strong and actionable foundation.
4 months ago
Outstanding! The instructor taught in a really kind yet professional way. I understood all the basics of CMMC and NIST 800 now. Thank you Jacob Hill.
4 months ago
This was a great course. I highly recommend it for anybody involved with CMMC and SP 800-171 requirements. The resources provided were outstanding. GRC Academy has kept the content current with the relevant events and documents emerging from DOD and NIST at a rather fast rate.

I hope that Jacob and the GRC Academy continue to improve an already great product.

Good going Jason, thanks for showing us how to put together a very understandable approach to digesting CMMC and SP 800-171.

Mike Parsons, MBA, CISSP
Senior Cybersecurity Architect and Mentor
5 months ago
Completing this course is a great jump start for those that are new to the CMMC world and this will prepare you for what is to come on the journey of acquiring follow on training and certifications. For those that are familiar with the cybersecurity aspect and may have lost touch, this is a great refresher as you get reintegrated back into this realm. Highly recommend this course and I also look forward to what is to come next.
5 months ago
What a great foundational course for CMMC understanding! This overview was very beneficial to me as I recently transitioned from Active Duty Navy to the DoD contracting world. Governance, risk, & compliance (GRC) plays a huge role on both sides for safeguarding sensitive data yet the language & requirements are very different. GRC Academy’s CMMC overview provided an incredible breakdown & will be excellent to use for reference. Well done!
5 months ago
Awesome course! If you are a business that is required to become CMMC certified, or you are new to compliance and want to learn about CMMC, this is the place to start. The lessons are broken down into understandable and clear sections. The quizzes at the end of each section are well-written and test your knowledge of what you just learned. I highly recommend this course. Thank You, Jacob.
6 months ago
As a relative newcomer to the CMMC space, and as a student preparing for the CMMC CCP exam, I found this training course to be a refreshing overview of key concepts surrounding the CMMC program, the federal regulations and laws that drive it, entities that comprise the CMMC Ecosystem, the NIST special publications that serve as its security control frameworks, and much more.

Jacob's concise and detailed presentation style, in addition to the provided resources (e.g., DoD CIO CMMC documentation, the DFARS and FAR regulations, the control explorer) are valuable tools for any GRC professional's utility belt especially as they venture into compliance and security for the Defense Industrial Base.

We are fortunate to have people like Jacob producing this kind of accessible yet high-quality training content.