CMMC Cybersecurity Maturity Model Certification
To safeguard sensitive national security information, the Department of Defense (DoD) launched CMMC 2.0, a comprehensive framework to protect the defense industrial base from increasingly frequent and complex cyberattacks. With its streamlined requirements, CMMC 2.0:
- Cuts red tape for small and medium sized businesses
- Sets priorities for protecting DoD information
- Reinforces cooperation between the DoD and industry in addressing evolving cyber threats
Overview of the CMMC Program - The Cybersecurity Maturity Model Certification (CMMC) program enhances cyber protection standards for companies in the DIB. It is designed to protect sensitive unclassified information that is shared by the Department with its contractors and subcontractors. The program incorporates a set of cybersecurity requirements into acquisition programs and provides the Department increased assurance that contractors and subcontractors are meeting these requirements. The framework has three key features:
- Tiered Model: CMMC requires that companies entrusted with national security information implement cybersecurity standards at progressively advanced levels, depending on the type and sensitivity of the information. The program also sets forward the process for information flow down to subcontractors.
- Assessment Requirement: CMMC assessments allow the Department to verify the implementation of clear cybersecurity standards.
- Implementation through Contracts: Once CMMC is fully implemented, certain DoD contractors that handle sensitive unclassified DoD information will be required to achieve a particular CMMC level as a condition of contract award.
| Time: | 72 Lecture hrs |
| Contact Hours: | 72 Lecture hrs |
| Credits: | 72 CPE / 3 CEU |
| Method of Delivery: | Residential (face-to-face) or Hybrid |
| Instructor: | TBD - Exam |
| Method of Evaluation: | 1. 95% attendance 2. 100% completion of Lab |
| Grading: | Pass = Attendance + labs & quizzes; Fail > 95% Attendance |
| Text Materials: | labs, SU Pen Testing Materials, resource CDs and attack handouts |
This 72-hour accelerated class is taught using a face-to-face or hybrid modality. The class includes 72 hours of contact studies, labs, reading assignments and a final exam. Passing the final exam is a requirement for graduation.
In 2019 the Department of Defense (DoD) announced the creation of the Cybersecurity Maturity Model Certification (CMMC) to govern the Defense Industrial Base (DIB). CMMC relies on self-assessments and third-party assessors.
The CMMC builds from NIST 800-171 but also includes controls from other cybersecurity frameworks. Where CMMC differs is in both the maturity model and the role of third-party assessors.
With the implementation of CMMC 2.0, the Department is introducing several key changes that build on and refine the original program requirements. These are: Introduction to the CMMC, Understanding the Supply Chain, Protecting Sensitive Data, Understanding the CMMC Methodology, Building Business Better Through Cybersecurity, Network Diagrams and Scope
Learning Objectives: 72 hrs Lecture
Students will gain a general understanding of how to audit for CMMC Compliance.
On the surface, project management seems straightforward. However, at best, only 80% of projects end up being economically.
- Spirit of collaboration: Allows companies, under certain limited circumstances, to make Plans of Action & Milestones (POA&Ms) to achieve certification.
- Added flexibility and speed: Allows waivers to CMMC requirements under certain limited circumstances.

On November 4, 2021 the Department of Defense unveiled an update to the Cybersecurity Maturity Model Certification framework – CMMC 2.0 – to streamline compliance, increase flexibility, and lower cost for manufacturers and IT providers.
About CMMC 2.0
You will learn the 5 Step Guide to Understand:
- How to leverage your NIST 800-171 compliance efforts in preparation for CMMC 2.0
- The relationship between NIST 800-171 and CMMC 2.0
- What should your System Security Plan (SSP) include?
- What is a Plan of Action & Milestone (POAM), and how is it best used?
- How can I implement the requirements in a way that enables CMMC 2.0 validation?
Modules 72 hrs lecture
- Lesson 1: 2 hrs Introduction to Cybersecurity Maturity Model Certification
- Lesson 2: 2 hrs History and Players of CMMC
- Lesson 3: 7 hrs Securing Sensitive Data
- Lesson 4: 2 hrs Cybersecurity Ethics
- Lesson 5: 9 hrs Knowing Your Scope
- Lesson 6: 9 hrs CMMC Methodology
- Lesson 7: 7 hrs Identity and Access Management
- Lesson 8: 2 hrs People and Procedures
- Lesson 9: 9 hrs Technical Systems
- Lesson 11: 5 hrs CMMC Implementation Level 1-3
- Lesson 11: 3 hrs CMMC Implementation Level 4
- Lesson 11: 3 hrs CMMC Implementation Level 5 network diagrams and scope
DFARS Clause 252.204-7012 and NIST 800-171 cybersecurity requirements for primes and subcontractors are no longer voluntary, and DoD audits, coupled with the Cybersecurity Maturity Model Certification (CMMC) version 2.0, will require all companies conducting business with the DoD to be certified by a third party. Audit-ready, third-party-verified compliance with DFARS/NIST 800-171 involves much more than documentation, and accomplishing it cost-effectively for your business requires an approach informed by the experience gained from hundreds of implementations. CyberSheath created this easy-to-follow 5 Step Guide, informed by real-world implementation experience, to enable you to quickly and efficiently comply and pass any audit.
Grades - All students must ordinarily take all quizzes, labs, final exam and submit the class practical in order to be eligible for a Q/ISP, Q/IAP, Q/SSE, or Q/WP credential unless granted an exception in writing by the President.
Books - No books are required for this course. However, you may want to supplement your preparation for or review of some lectures with self-assigned readings relevant to those lectures' content from either of the books below.