3 days


Businesses working with the federal government.

Course Description:

Cybersecurity Maturity Model Certification (CMMC) Training provides a practical and well-developed approach to CMMC application for the DoD contractor community. This course is targeted to DoD contractors who have a business driver to meet CMMC requirements and have varied experience with implementing cybersecurity requirements. The CMMC curriculum was created by cybersecurity practitioners with advanced expertise in the application of government cybersecurity programs.

It is IT Dojo’s mission in creating Cybersecurity Maturity Model Certification (CMMC) Training to provide extensive CMMC knowledge that will help DoD contractors work through CMMC requirements towards certification by the most efficient means possible while still meeting all requirements of CMMC guidance published by DoD.

DoD is planning to migrate to the new CMMC framework in order to assess and enhance the cybersecurity posture of the Defense Industrial Base (DIB). CMMC is intended to serve as a verification mechanism to ensure appropriate levels of cybersecurity practices and processes are in place to ensure basic cyber hygiene as well as protect controlled unclassified information (CUI) that resides on the Department’s industry partners’ networks.
The end goal of DoD is for CMMC to be a requirement for all contractors and subcontractors who wish to do business with the DoD.

Course Outline:

  • NARA Resources to define CUI
  • CMMC practice maturity levels 1-5
  • CMMC process maturity levels 1-5
  • How to create policy
  • Description of reference frameworks
  • Domains, Capabilities and Practices
    • Access Control (AC)
    • Asset Management (AM)
    • Audit and Accountability (AA)
    • Awareness and Training (AT)
    • Configuration Management (CM)
    • Identification and Authentication (IA)
    • Incident Response (IR)
    • Maintenance (MA)
    • Media Protection (MP)
    • Personnel Security (PS)
    • Physical Protection (PP)
    • Recovery (RE)
    • Risk Management (RM): includes risk management concepts as they relate to CMMC
    • Security Assessment (CA)
    • Situational Awareness (SA)
    • System and Communications Protections (SC)
    • System & Information Integrity (SI)
  • Planning the CMMC Assessment
  • Assessment techniques (Risk Management Framework Accreditation & Authorization techniques and NIST SP 800-53, the parent control set for NIST SP 800-171)
  • NIST SP 800-171 Assessment Methodology
  • Status of the CMMC Accreditation Body and Assessment
  • Preparing for a self-assessment
  • Developing a plan to assess CMMC controls with no structured NIST guidance
  • Preparing for an external audit
  • Preparing project documentation (System Security Plan & POAM)
  • Resources/Summary

Training Goals

  • Have a working understanding of the process of implementing security controls and submitting a CMMC package
  • Possess the knowledge to meet all CMMC requirements as mandated by DoD

Who Should Attend?

The Cybersecurity Maturity Model training program is suitable for contractors in the DoD community as this will be a requirement for all contractors going forward.