Do you support the United States Department of Defense (DoD)? Have you heard about security requirements from NIST 800-171 or the Cybersecurity Maturity Model Certification (CMMC), but don’t know where to start? Then this online CMMC overview course is for YOU!
Who is course this for?
The majority of CMMC training is meant for assessors and consultants, but there aren’t many courses for organizations who need to understand the process.
This course provides a comprehensive overview of the DFARS cyber contractual requirements, NIST 800-171, and CMMC. It is ideal for organizations in the Defense Industrial Base (DIB) who need to comply with CMMC, as well as government personnel who manage DoD contracts and contractors – the course is also available for sale to government on GSA Advantage.
The course is delivered in a bottom-line-up-front format and can benefit both leadership and practitioners, however, it does not go “into the weeds” of the security controls and strategies to comply with them.
Jacob Hill has been leading a small business towards NIST 800-171 compliance and ultimately CMMC certification for several years, and he understands the struggles small and medium businesses (SMBs) face.
This course is up to date with CMMC 2.0 (will soon be updated based on CMMC 2.1)! CMMC is an evolving topic, and the course will be updated as new information becomes available.
What is CMMC?
CMMC is a cybersecurity compliance and certification program which DoD created that is focused on gaining assurance that its supporting contractors are implementing the 110 requirements to protect its controlled unclassified information (CUI). Nearly all DoD contractors will need to be CMMC compliant or certified to be able to do business with the DoD.
CMMC requirements should begin to appear in contracts in late 2024.
What is NIST 800-171?
The majority of CMMC’s requirements are based on NIST 800-171, “Protecting CUI in Nonfederal Systems and Organizations.” Most contractors are ALREADY required to comply with NIST 800-171 per DFARS 252.204-7012, and have been required to comply since December of 2017.
Are you compliant? If not, do you know what steps you need to take?
What Companies need to be CMMC Certified?
Nearly all DoD contractors will be required to comply with CMMC in some manner. CMMC consists of 3 levels, and the requirements vary per level:
- CMMC Level 1
- Implement 15 CMMC controls
- Required for contracts with federal contract information (FCI)
- Contractor is required to perform a self-assessment – no 3rd-party assessment is required
- CMMC Level 2
- Implement 110 CMMC controls
- Required for contracts with CUI
- Nearly all contracts will require a 3rd-party assessment by a C3PAO resulting in CMMC certification
- CMMC Level 3
- Implement 24 additional CMMC controls
- Required for DoD’s most critical CUI programs
- All contracts will require a 3rd-party assessment by DIBCAC resulting in CMMC certification
Arm yourself with the knowledge you need to know to successfully navigate NIST 800-171’s and CMMC’s processes. Don’t let your business fail because you didn’t achieve compliance or certification.
Thank you to the following subject matter experts who peer reviewed this course:
- Koren Wise | Certified CMMC Professional, CMMC Provisional Instructor, CMMC Provisional Assessor Candidate, CMMC Licensed Training Provider, CISSP, PMP
- Paul Veeneman | CMMC Registered Practitioner, CISSP, CISM, CRISC
* Note that this course is not affiliated with the DoD, the CyberAB (also known as the CMMC Accreditation Body), or the Cybersecurity Assessor and Instructor Certification Organization (CAICO).
What Will You Learn?
- What is Federal Contract Information (FCI)
- What is Controlled Unclassified Information (CUI)
- The history of NIST 800-171 & CMMC and what it means to you
- What DFARS 252.204-7012, 7019, 7020, and 7021 mean to you
- How to comply with NIST 800-171
- The 110 NIST 800-171 security requirements
- How to calculate a NIST 800-171 score per the DoD assessment methodology
- How NIST 800-171 relates to CMMC
- When CMMC will be required
- The 110+ CMMC practices
- The 3 levels of CMMC
- Which CMMC levels require self-assessment & 3rd-party assessment
- Roles in the CMMC assessment ecosystem
- How to scope for CMMC
- How to prepare for a CMMC assessment
- How do I get CMMC certified
- Next steps
Types of Information
What is Federal Contract Information (FCI)01:35
What is Controlled Unclassified Information (CUI)04:38
What is Covered Defense Information (CDI)05:01
Types of Information Quiz
NIST 800-171 Overview
NIST 800-171 Overview04:37
NIST 800-171 Security Controls Review05:14
NIST 800-171 NFO Controls09:14
NIST 800-171A Review04:57
Systems Security Plan (SSP)04:32
NIST 800-171 Overview Quiz
NIST 800-171 DFARS Clauses
FAR & DFARS Overview03:15
DFARS 252.204-7012 – Safeguarding Covered Defense Information and Cyber Incident Reporting04:43
DFARS 252.204-7019 – Notice of NIST SP 800-171 DoD Assessment Requirements03:24
DFARS 252.204-7020 – NIST SP 800-171 DoD Assessment Requirements06:10
NIST 800-171 DFARS Clauses Quiz
NIST 800-171 DoD Assessment Methodology
DoD Assessment Methodology Overview03:56
NIST 800-171 DoD Assessment Methodology Quiz
CMMC 2.0 Overview01:41
DFARS 252.204-7021 – CMMC Requirements03:59
Differences Between CMMC 1.0 and 2.004:01
CMMC Level 104:01
CMMC Level 302:47
CMMC Overview Quiz
CMMC Scoping Guides
CMMC Asset Types10:28
Out of Scope Assets Separation Techniques02:39
CMMC Scoping Guidance Quiz
CMMC Assessment Guides
CMMC Assessment Guidance06:18
CMMC Assessment Guide Quiz
CMMC Ecosystem Roles
CMMC Consultants – RPs, RPAs, and RPOs01:57
CMMC Assessors – CCPs, CCAs, and C3PAOs03:30
Cyber AB Marketplace01:50
CMMC Ecosystem Quiz
Step 1 – Determine CMMC Level03:31
Step 2 – Technical Design & CMMC Scope07:36
Step 3 – Implement & Document07:00
Step 4 – Assessment01:44
Step 5 – Monitor01:27
CMMC Action Plan Quiz
Student Ratings & Reviews
I would recommend this course for those wanting to learn more about CMMC/DFARS/NIST/CUI. Perhaps the course could also be beneficial for those studying for CCP as a review (my case [we will see]). Overall solid information is presented in this fairly short course Great job in educating the masses on this complex subject.
As the 171 versions continue to change with version numbers, I hope the content of this course evolves with it, or supplements are offered to provide an overview in a course format such as this to understand the most recent versions of all CMMC related requirements and frameworks.
Anyone interested in expanding their current knowledge of CMMC, or gaining a solid foundation, highly recommend this course!
This course really connects the different compliance requirements to the government policies in a clear and easily understandable way.
Hopefully as CMMC 2.0 implementation become closer to implementation we can see some template documents for the Scope document and the Self-Assessment report.
The information (videos) is current, and it's broken down to small chunks which prevents the student from losing interest. The order in which information is presented is logical and makes it easy to understand and remember.
I appreciated the end of chapter Quizes which showed me my weaknesses so I could go back and review the material.
Another amazing feature of the course that in each chapter there are links provided to the official government resources related to the discussed material.
Overall great course and I highly recommend it to anyone to get familiar or refresh their CMMC and NIST 800-171 knowledge.
Each topic is logically broken down into bite-size videos, and I found my self practically glued to my notepad writing down all the valuable information.
This area has a lot of interconnected information originating from various published documents (NIST, FAR, DFAR, CMMC) that could easily be overwhelming or even overlooked by someone just entering this DoD compliance space. Every video section did a great job explaining the referenced documents, how they applied, and included links to each document on resource.
Not only do you walk away with new knowledge towards CMMC, but this course also provides a plan of action to start assist you and your organization with beginning this compliance journey on a strong and actionable foundation.
I hope that Jacob and the GRC Academy continue to improve an already great product.
Good going Jason, thanks for showing us how to put together a very understandable approach to digesting CMMC and SP 800-171.
Mike Parsons, MBA, CISSP
Senior Cybersecurity Architect and Mentor
Jacob's concise and detailed presentation style, in addition to the provided resources (e.g., DoD CIO CMMC documentation, the DFARS and FAR regulations, the control explorer) are valuable tools for any GRC professional's utility belt especially as they venture into compliance and security for the Defense Industrial Base.
We are fortunate to have people like Jacob producing this kind of accessible yet high-quality training content.