(33 Ratings)

CMMC Overview Training

Categories: CMMC, NIST 800-171
Wishlist Share
Share Course
Page Link
Share On Social Media

About Course

Do you support the United States Department of Defense (DoD)? Have you heard about security requirements from NIST 800-171 or the Cybersecurity Maturity Model Certification (CMMC), but don’t know where to start? Then this online CMMC overview training is for YOU!

The majority of CMMC training is meant for assessors and consultants, but there aren’t many courses for organizations to help them understand the process. This course is also available for sale to government on GSA Advantage.

Jacob Hill has been leading a small business towards NIST 800-171 compliance and ultimately CMMC certification since 2018, and he understands the struggles small and medium businesses (SMBs) face.

This course is up to date with CMMC 2.0 (will soon be updated based on CMMC 2.1)! CMMC is an evolving topic, and as new information becomes available, the course will be updated.

Enroll Now

What is CMMC?

CMMC is a cybersecurity compliance and certification framework which DoD created to gain assurance that its supporting contractors are implementing the 110 requirements to protect its controlled unclassified information (CUI). Nearly all DoD contractors will need to be CMMC compliant or certified to work for DoD.

CMMC requirements should begin to appear in contracts in late 2024.

What is NIST 800-171?

The majority of CMMC’s requirements are based on NIST 800-171, “Protecting CUI in Nonfederal Systems and Organizations.” Most contractors are ALREADY required to comply with NIST 800-171 per DFARS 252.204-7012, and have been required to comply since December of 2017.

Are you compliant? If not, do you know what steps you need to take?

What Companies need to be CMMC Certified?

All businesses will be required to implement CMMC. CMMC consists of 3 levels, and the requirements vary per level:

  • CMMC Level 1
    • Implement 15 CMMC requirements
    • Required for contracts with federal contract information (FCI)
    • Contractor is required to perform a self-assessment – no 3rd-party assessment is required
  • CMMC Level 2
    • Implement 110 CMMC requirements
    • Required for contracts with CUI
    • Nearly all contracts will require a 3rd-party assessment by a C3PAO resulting in CMMC certification
  • CMMC Level 3
    • Implement 134 CMMC requirements
    • Required for DoD’s most critical CUI programs
    • All contracts will require a 3rd-party assessment by DIBCAC resulting in CMMC certification

Who is course this for?

This course provides an overview of NIST 800-171 and CMMC. It is delivered in a bottom-line-up-front format and can benefit leadership and practitioners, however, it is not “in the weeds” of the controls, and how to comply with them.

Enroll Now

Arm yourself with the knowledge you need to know to successfully navigate NIST 800-171’s and CMMC’s processes. Don’t let your business fail because you didn’t achieve compliance or certification.

Peer Reviewers

Thank you to the following subject matter experts who peer reviewed this course:

Closing Thoughts

*  Note that this course is not affiliated with the DoD, the CyberAB (formerly known as the CMMC Accreditation Body), or the Cybersecurity Assessor and Instructor Certification Organization (CAICO).

Enroll Now
Show More

What Will You Learn?

  • What is Federal Contract Information (FCI)
  • What is Controlled Unclassified Information (CUI)
  • The history of NIST 800-171 & CMMC and what it means to you
  • What DFARS 252.204-7012, 7019, 7020, and 7021 mean to you
  • How to comply with NIST 800-171
  • The 110 NIST 800-171 security requirements
  • How to calculate a NIST 800-171 score per the DoD assessment methodology
  • How NIST 800-171 relates to CMMC
  • When CMMC will be required
  • The 110+ CMMC practices
  • The 3 levels of CMMC
  • Which CMMC levels require self-assessment & 3rd-party assessment
  • Roles in the CMMC assessment ecosystem
  • How to scope for CMMC
  • How to prepare for a CMMC assessment
  • How do I get CMMC certified
  • Next steps

Course Content


Types of Information
Learn about the types of information that are pertinent to NIST 800-171 and CMMC.

NIST 800-171 Overview
Learn about NIST 800-171, NFO controls, assessment procedures, and the SSP and POA&M.

NIST 800-171 DFARS Clauses
Learn what the purpose of the FAR and DFARS is and what is contained within the DFARS clauses which pertain to cybersecurity requirements for protecting CUI on nonfederal systems.

NIST 800-171 DoD Assessment Methodology
Learn how to calculate NIST 800-171 SPRS scores in accordance with the DoD Assessment Methodology.

Learn about FedRAMP, how it relates to DFARS 252.204-7012, and how to use the FedRAMP Marketplace.

CMMC Overview
Learn about CMMC, when it will be required, what is contained in DFARS 252.204-7021, and its 3 levels.

CMMC Scoping Guides
Learn how to scope assets in your organization by understanding the CMMC asset types and the requirements for each.

CMMC Assessment Guides
Learn about the DoD's assessment guidance and who is responsible for conducting assessments for CMMC levels 1 - 3.

CMMC Ecosystem Roles
Learn about the roles in the CMMC ecosystem.

Action Plan
Actionable steps to achieve CMMC compliance or certification.

Closing Thoughts

Student Ratings & Reviews

Total 33 Ratings
33 Ratings
0 Rating
0 Rating
0 Rating
0 Rating
2 weeks ago
I absolutely enjoyed the CMMC Overview Training.
The information (videos) is current, and it's broken down to small chunks which prevents the student from losing interest. The order in which information is presented is logical and makes it easy to understand and remember.
I appreciated the end of chapter Quizes which showed me my weaknesses so I could go back and review the material.
Another amazing feature of the course that in each chapter there are links provided to the official government resources related to the discussed material.
Overall great course and I highly recommend it to anyone to get familiar or refresh their CMMC and NIST 800-171 knowledge.
4 weeks ago
Excellent course for anyone looking to learn more about CMMC or NIST 800-171!

Each topic is logically broken down into bite-size videos, and I found my self practically glued to my notepad writing down all the valuable information.

This area has a lot of interconnected information originating from various published documents (NIST, FAR, DFAR, CMMC) that could easily be overwhelming or even overlooked by someone just entering this DoD compliance space. Every video section did a great job explaining the referenced documents, how they applied, and included links to each document on resource.

Not only do you walk away with new knowledge towards CMMC, but this course also provides a plan of action to start assist you and your organization with beginning this compliance journey on a strong and actionable foundation.
2 months ago
Outstanding! The instructor taught in a really kind yet professional way. I understood all the basics of CMMC and NIST 800 now. Thank you Jacob Hill.
2 months ago
This was a great course. I highly recommend it for anybody involved with CMMC and SP 800-171 requirements. The resources provided were outstanding. GRC Academy has kept the content current with the relevant events and documents emerging from DOD and NIST at a rather fast rate.

I hope that Jacob and the GRC Academy continue to improve an already great product.

Good going Jason, thanks for showing us how to put together a very understandable approach to digesting CMMC and SP 800-171.

Mike Parsons, MBA, CISSP
Senior Cybersecurity Architect and Mentor
2 months ago
Completing this course is a great jump start for those that are new to the CMMC world and this will prepare you for what is to come on the journey of acquiring follow on training and certifications. For those that are familiar with the cybersecurity aspect and may have lost touch, this is a great refresher as you get reintegrated back into this realm. Highly recommend this course and I also look forward to what is to come next.
3 months ago
What a great foundational course for CMMC understanding! This overview was very beneficial to me as I recently transitioned from Active Duty Navy to the DoD contracting world. Governance, risk, & compliance (GRC) plays a huge role on both sides for safeguarding sensitive data yet the language & requirements are very different. GRC Academy’s CMMC overview provided an incredible breakdown & will be excellent to use for reference. Well done!
3 months ago
Awesome course! If you are a business that is required to become CMMC certified, or you are new to compliance and want to learn about CMMC, this is the place to start. The lessons are broken down into understandable and clear sections. The quizzes at the end of each section are well-written and test your knowledge of what you just learned. I highly recommend this course. Thank You, Jacob.
3 months ago
As a relative newcomer to the CMMC space, and as a student preparing for the CMMC CCP exam, I found this training course to be a refreshing overview of key concepts surrounding the CMMC program, the federal regulations and laws that drive it, entities that comprise the CMMC Ecosystem, the NIST special publications that serve as its security control frameworks, and much more.

Jacob's concise and detailed presentation style, in addition to the provided resources (e.g., DoD CIO CMMC documentation, the DFARS and FAR regulations, the control explorer) are valuable tools for any GRC professional's utility belt especially as they venture into compliance and security for the Defense Industrial Base.

We are fortunate to have people like Jacob producing this kind of accessible yet high-quality training content.
4 months ago
Jacob's course was phenomenal. The content is succinct and provides an excellent introduction of CMMC as well as the requirements that Small to Medium Sized Businesses must satisfy in order to flourish. Highly recommended for anyone interested in gaining knowledge about CMMC.
4 months ago
This was a great course to get a solid understand of NIST 800-171 and the CMMC certification process. Jacob Hill did a great job of breaking down all of the acronyms and references that support CMMC and made it easy to understand what reference should be used for scoping out an organization's CMMC efforts. Each video provided great details, and the section quizzes helps to reinforce the content learned.

I would recommend this course for individuals who work with government agencies and use NIST 800-171 to prepare for CMMC efforts or audit and validate commercial vendors security controls.
5 months ago
The course was well outlined and covered the most pertinent information in detail. I came away with a better understanding of the 5 Ws of CMMC compliance. The course resources were incredibly helpful and allowed me to understand how to understand the necessary accomplishing requirements for the control items.
I recently worked for a company that provided CMMC compliance work and had I gone through this course prior, it would have made understanding the details and regulations easier.
6 months ago
Jacob Hill did a great job putting all this information together. The content was engaging, relevant, and understandable. There is even a cameo from a current world leader! If your company has DOD contracts that will soon fall under CMMC then this course is for you. He goes through the entire process and explains the levels, steps, and even the organizations and tools needed to ensure you have no issues becoming CMMC compliant.
Ryan Williams
6 months ago
Excellent course and instructor! Thank you, Jacob Hill, for guiding me through the world of CMMC and I look forward to taking more of your classes in the future.

The information presented in the curriculum provides a wide base explaining the fundamentals of regulation and policy concerning CMMC and FedRAMP and how they will impact your business in the future.

As a Security, Compliance, and Risk Management project manager and vCISO I am required to have an understanding of multiple risk frameworks. I feel the information provided in the course allows me to speak intelligently to a customer about their CMMC and FedRAMP requirements. While simultaneously preparing me to take higher-level courses that will eventually make me a subject matter expert in this area.

If you or your business are looking to one day provide solutions for the Defense Industrial Base (DIB) this course should be your first stop.
6 months ago
This course is very informative and really very well done. It describes the CMMC process and terminologies very well. The summaries and the resources Jacob provide are very helpful. He covers the material in short clearly separated sections. I think it is perfect for a company who is seeking help and does not know what to expect and where to start. I highly recommend this course to gain knowledge about the CMMC process and requirements. Great job Jacob!
7 months ago
The GRC Academy and Jacob Hill did a great job with this course. I was familiar with the CMMC requirements prior to attending this course, but did learn a bit more about roles in the ecosystem and the requirements within each of the roles.

The course is structured, easy to understand and follow. It is easy to digest for anyone taking the course. Regardless of your position in an organization, it is a course for someone to learn from and become more knowledgeable than he/she was before. Education, training, and awareness are assets.

#grc, #duediligence, #exportcompliance #knowledgeispower #cybersecurity
7 months ago
This course was amazing! I took the opportunity to learn something outside of my comfort zone. This course is engaging and has a lot of hands-on information that is connect to each model that will help fill in knowledge gaps. I highly recommend this course to anyone interested in expanding their knowledge about CMMC!
7 months ago
I just completed the GRC Academy's CMMC training overview for small to medium businesses. The detail and overview that Jacob Hill put into the course work is extraordinary, and well put together. The information for NIST 800-171 controls and CMMC is broken down so anyone can understand the information. I highly recommend to anyone that may be associated with or potentially coming across CMMC level certification to go through this course. It will give you the knowledge and resources you need to be informed.
7 months ago
Just finished the CMMC Overview Training for Small and Medium Businesses (SMB) created by Jacob Hill (CISSP-ISSEP, CEH, ITIL). Thanks for all of your hard work on this course! An excellent resource to pair with the discord channel (https://discord.gg/cooey).

The website (https://lnkd.in/gTxhF9UP) has a ton of valuable information I refer back to often! Check it out! Thanks again Jacob! Well done!
7 months ago
I recently completed the "CMMC Overview Training for Small and Medium Businesses (SMB)" offered by GRC Academy and curated by Jacob Hill (CISSP-ISSEP, CEH, ITIL). CMMC is a cybersecurity compliance and certification framework created by the DoD to ensure that its supporting contractors implement the 110 requirements to protect its controlled unclassified information (CUI). The course was highly engaging, concise, and informative. I strongly recommend this training to anyone interested in learning about security requirements, NIST 800-171, and the CMMC. Almost all DoD contracts require CMMC compliance, so don't miss out!
7 months ago
This course was a great addendum to GRC training to break items down within the CMMC ecosystem. It has a small bite size procedure so you can avoid getting lost in all the details.