SUMMARY
This course will help an Organization Seeking Certification (OSC) understand and plan for the impact of the Cybersecurity Maturity Model Certification (CMMC). This course is for Enterprises handling Controlled Unclassified Information (CUI) and Federal Contract Information (FCI) on behalf of the Department of Defense (DoD) and seeking CMMC assessments. This course is intended for CMMC Champions within the Enterprise, to facilitate and lead their internal teams to prepare for a CMMC assessment. As a CMMC Champion, you will receive important knowledge of the overall CMMC assessment process to meet regulatory compliance and understand the keys to a successful assessment.

DESCRIPTION
This course provides a focused overview of the CMMC program for organizational decision makers and CMMC Champions to get a sense of what’s required for a successful assessment and the various ways they can start preparing their organization.

Intended Audience: Enterprise CMMC Champions wanting to prepare for a successful CMMC assessment. Enterprises can be small, medium and large businesses with a minimum of 250 employees that manage a supply chain handling CUI.


LESSON OBJECTIVES

First Half Day
Lesson 1: Identifying What’s at Stake
- Objective 1: Identify the threats to the Defense Industrial Base and the established regulations that protect the Defense Supply Chain
- Objective 2: Identify the main categories of sensitive information: Federal Contract Information (FCI) and Controlled Unclassified Information (CUI)

Lesson 2: Describing the CMMC Program
- Objectives: Describe the purpose and the general architecture of the CMMC Model

Second Half Day

Lesson 3: Getting Ready for a CMMC Assessment
- Objective 1: Identify the people, systems, and processes in your environment that will be evaluated in a CMMC assessment
- Objective 2: Read and analyze the Assessment Guides to understand how and what a CMMC Certified Assessor (CCA) will be assessing in your organization
- Identify the three methods of validating your compliance with the CMMC requirements

Lesson 4: Interacting with the CMMC Ecosystem
- Objective 1: Identify the organization and individuals in the CMMC ecosystem who are involved in preparing organizations for, and conducting, an assessment.
- Objective 2: Identify the necessary steps that an organization must go through during a CMMC Assessment to receive CMMC Certification

INSTRUCTOR

Ron Sweeten is a Lead Assessor and Primary Trainer for Risk Management Framework (RMF), NIST 800-171, and ISO 27001 with over 20 years of government and private sector cybersecurity experience specializing in policy, implementation, audits, and assessments. Mr. Sweeten has been trained by the CMMC-AB as a Provisional Instructor and Provisional Assessor.