CMMC Training for DoD

CMMC isn’t just a contractor issue – it’s a mission-critical responsibility for DoD personnel.

Incorrect CMMC implementation can lead to higher costs to government, reduced competition, and severely impact small business participation in the defense supply chain.

This course equips DoD program managers, contracting officers, and defense acquisition personnel with the knowledge to correctly apply CMMC requirements to solicitations and contracts.

Jacob Hill (CMMC Certified Assessor, Level III DAWIA IT) is leading a CMMC compliance program at a small business and has teamed with Shauna Weatherly (President of FedSubK) to create this course.

Shauna (Level III DAWIA Contracting) has over 35 years of experience in federal service and held key acquisition roles including Chief of Contracting at DoD, Director for Contract Awards at FAA, and COR for the $700 billion GSA SmartPay 3 program.

This course will soon be available on GSA Advantage and other government contract vehicles.

Who Should Take This Course?

This course is for DoD personnel involved in determining CMMC levels for solicitations and contracts:

• Program managers responsible for defining CMMC levels in solicitations
• Contracting officers and procurement staff ensuring compliance with DFARS and FAR cybersecurity requirements
• Acquisition professionals who provide contract oversight

Why Should You Take This Course?

CMMC is the most impactful cybersecurity regulation in the history of our nation. CMMC certification (or compliance) will be required for nearly every DoD contract.

The success of CMMC relies on DoD personnel selecting the correct CMMC levels for solicitations and contracts. Incorrect CMMC level selection can result in higher costs, reduced competition, and disruption of the defense supply chain.

Misapplied CMMC requirements will drive small businesses out of the defense sector, weakening competition and innovation, and will also result in contract protests, project delays, and increased costs to DoD as fewer companies bid on contracts.

What is CMMC?

Cybersecurity Maturity Model Certification (CMMC) is a cybersecurity compliance and certification program which the United States Department of Defense (DoD) created that is focused on gaining assurance that its supporting contractors are implementing the 110 requirements to protect its controlled unclassified information (CUI). Nearly all DoD contractors will need to be CMMC compliant or certified to be able to do business with the DoD.

CMMC requirements should begin to appear in contracts by the summer of 2025.

What is NIST 800-171?

The majority of CMMC’s requirements are based on NIST 800-171, “Protecting CUI in Nonfederal Systems and Organizations.” Most contractors are ALREADY required to comply with NIST 800-171 per DFARS 252.204-7012, and have been required to comply since December of 2017.

Are you compliant? If not, do you know what steps you need to take?

What Companies need to be CMMC Certified?

Nearly all DoD contractors will be required to comply with CMMC in some manner. CMMC consists of 3 levels, and the requirements vary per level:

• CMMC Level 1
  • Implement 15 CMMC controls
  • Required for contracts with federal contract information (FCI)
  • Contractor is required to perform a self-assessment – no 3rd-party assessment is required
• CMMC Level 2
  • Implement 110 CMMC controls
  • Required for contracts with CUI
  • Nearly all contracts will require a 3rd-party assessment by a C3PAO resulting in CMMC certification
• CMMC Level 3
  • Implement 24 additional CMMC controls
  • Required for DoD’s most critical CUI programs
  • All contracts will require a 3rd-party assessment by DIBCAC resulting in CMMC certification

CMMC is an evolving field, and this course will be updated as changes occur. This course will be completely UPDATED based on the CMMC Program final rule in April 2025!

*This course is not affiliated with the DoD, the CyberAB (also known as the CMMC Accreditation Body) or the Cybersecurity Assessor and Instructor Certification Organization (CAICO).