3 days


Businesses working with the federal government.

Course Description:

All DoD contractors and subcontractors with systems that process, transmit or store Controlled Unclassified Information (CUI) must be compliant with the Defense Federal Acquisition Regulation Supplement (DFARS) cybersecurity requirements. These are specified in the DFARS Interim Rule based on NIST SP 800-171, and separately in the Cybersecurity Maturity Model Certification (CMMC) Level 3.  Both apply controls from NIST SP 800-53, the catalog that forms the basis of the highly rigorous Risk Management Framework (RMF) for DoD Federal internal systems.

The “DFARS Compliance with CMMC/NIST SP 800-171” curriculum has been designed by RMF practitioners who can offer you the industry standard for getting through the process of control implementation and assessment!

The primary goal of the DFARS Compliance with CMMC/NIST SP 800-171 Readiness Workshop is to provide detailed practical application based DFARS training that will help DoD contractors work through DFARS requirements towards certification in the most efficient means possible. At the completion of training we anticipate students to have met the following goals:

  • Have a working understanding of the process of implementing security controls and submitting a DFARS package
  • Possess the knowledge to meet all DFARS requirements as mandated by DoD
  • Understand the expectations of DoD as outlined in DFARS guidance

Learning Objectives:

  • Identify who is impacted by the CMMC and NIST SP 800-171
  • Identify when the requirements will take effect
  • Differentiate requirements for FARS and DFARS
  • Understand how controls/practices apply to cybersecurity risk management principles
  • Determine the potential impact of the newly released Interim Rule
  • Apply DoD CUI Registry guidance to determine CUI requirements
  • Relate NIST SP 800-171 controls to CMMC Process and Practice maturity levels
  • Explain the current state of cybersecurity assessment as it relates to the CMMC and NIST SP 800-171
  • Differentiate CMMC process maturity by associated levels and relevant indicators
  • Identify relevant CUI guidance
  • Determine specifications for establishing boundaries
  • Differentiate requirements for CMMC versus NIST SP 800-171
  • Analyze effective policy components to support process maturity
  • Develop preliminary plans and associated evidence to support a cybersecurity self-assessment as well as an external assessment
  • Follow procedures for the NIST SP 800-171 DoD Assessment Methodology, Version 1.2.1 (required in the new Interim Rule)
  • Define components of an action plan and transition roadmap for CMMC or NIST SP 800-171 implementation

Who Should Attend?

The Cybersecurity Maturity Model training program is suitable for contractors in the DoD community as this will be a requirement for all contractors going forward.