CMMC 2.0 and NIST SP 800-171 Compliance Training

Course 2074

  • Duration: 4 days
  • Language: English
  • Level: Intermediate

Recent sweeping updates to the U.S. Department of Defense Cybersecurity Maturity Model Certification (CMMC) requirements have left consultants, contractors, and the Defense Industrial Base (DIB) questioning where this leaves them and how to proceed. This course addresses what CMMC 2.0 is all about, how certification will work under the new model, the SP 800-171 requirements that must be satisfied and how to meet them, and what this means for DoD contracting organizations.

The same SP 800-171 requirements apply to all Non-Federal Organizations (NFOs) that handle U.S. Federal Government controlled unclassified information. This course also features self-attestation guidance and helps organizations prepare for the external third-party assessments that will still be required for a subset of businesses handling protected U.S. Federal Government information.

CMMC 2.0 and NIST SP 800-171 Training Delivery Methods

  • In-Person
  • Online

CMMC 2.0 and NIST SP 800-171 Training Course Information

CMMC 2.0 and NIST SP 800-171 Training Course Benefits

  • Understand and comply with the new CMMC 2.0 framework
  • Assess CMMC 2.0 and CMMC 1.0 differences and repercussions to your organization
  • Meet NIST SP 800-171 requirements
  • Perform self-assessments conforming to DFARS standards and generate a SPRS score
  • Identify which contract levels are subject to independent assessments
  • Satisfy third-party CMMC 2.0/SP 800-171 assessments
  • Maintain an acceptable security posture over the contract lifecycle
  • Continue learning and face new challenges with after-course one-on-one instructor coaching

CMMC 2.0 and NIST SP 800-171 Training Course Prerequisites

Prior security experience is helpful but not necessary. Critical thinking skills and the ability to make decisions are key.

CMMC 2.0 and NIST SP 800-171 Training Outline

  • Acknowledging the importance of protecting US Government information
  • Recognizing categories of protected information
  • Describing protected information and the law
  • Defining types of security failures
  • Judging the impact of security failures
  • Defining risk
  • Identifying threats and vulnerabilities in organizational systems
  • Recognizing motivations for data compromise
  • Identifying characteristics of threat actors
  • Describing CMMC Goals
  • Synopsizing CMMC Evolution
  • Defining the model tiers
  • Describing the four CMMC 2.0 program phases
  • Listing assessment requirements
  • Explaining model implementation
  • Charting the CMMC implementation timeline
  • Describing NIST SP 800-171, SP 800-171A, and SP 800-172
  • Categorizing security controls
  • Identifying SP 800-171 control families
  • Describing SP 800-171 security control structure
  • Explaining the importance of basic assumptions underlying SP 800-171
  • Identifying NARA CUI categories and markings
  • Verifying confidentiality impact level
  • Identifying special considerations for classified defense information
  • Determining the organizational system boundary
  • Building the System Security Plan
  • Determining the security control baseline
  • Assessing the need for enhanced assurance
  • Updating the System Security Plan
  • Tailoring the security control baseline
  • Selecting the approach to securing organizational systems
  • Implementing security controls
  • Documenting security control implementation, compliance, and effectiveness
  • Building the Security Assessment Plan
  • Assessment methodologies
  • Assessment optimization
  • Assessing security control compliance and effectiveness
  • Documenting security control compliance
  • Completing the System Security Plan
  • Building the Plan of Action and Milestones (POA&M)
  • Requesting CMMC waivers
  • Compiling the assessment report
  • Preserving an acceptable system security posture


CMMC 2.0 and NIST SP 800-171 Training FAQs

Organizations Seeking Approval (OSC) personnel, including:

  • System development life cycle personnel (e.g., program managers, mission/business owners, information owners/stewards, system designers and developers, system/security engineers, and systems integrators).
  • Personnel with system security or risk management and oversight responsibilities (e.g., chief information officers, chief information security officers, system owners, information system security managers).
  • Security assessment and monitoring personnel (e.g., auditors, system evaluators, assessors, verifiers/validators, analysts).
  • Third parties providing CMMC 2.0 implementation and assessment support services.

No. C3PAOs will be needed to assess the OSCs requiring a Level 2 Assessment. Keep in mind that Level 2 is bifurcated, and some OSCs will be able to self-attest.

No. NIST is the What, and CMMC is the How. Both are needed and play an integral role in the new cybersecurity mandate.

Yes. This course lays a strong foundation for attending Course 2072, Certified Professional CMMC Training (CCP), and sitting for the CCP Certification exam.
