CMMC: Organizational Practices
The Cybersecurity Maturity Model Certification (CMMC) program provides a standard model and process for conducting a conformity assessment of Department of Defense (DoD) suppliers and service providers. Organizations wanting to provide products and services to the DoD will be required to demonstrate their cybersecurity competency and compliance under the CMMC program. A rigorous Assessment Process is used to ensure that the relevant security controls have been effectively implemented and that there is evidence that these controls can be sustained.
This course covers identifying the scope of an Assessment, assessing the CMMC Level 2 practices, and using an established process and workflow to enable efficiencies during an Assessment.
Important: This curriculum product is not considered CMMC-AB Approved Training Material (CATM). Although it contains the same information covered in the CCA training materials, this course is not intended as certification preparation and does not qualify students to sit for the CMMC CCA certification exam. Licensed Training Providers (LTPs) who are seeking to purchase official CATM should contact their United States Career Campus account manager, or Client Services at info@uscareercampus.com.
In this course, you will apply the CMMC Assessment Process to validate the performance of cybersecurity practices in the 14 domains derived from NIST SP 800-171. You will:
- Protect CUI with the CMMC program.
- Establish the key elements of a CMMC Assessor's responsibilities.
- Work through an Assessment.
- Validate the context and scope of a Level 2 CMMC Assessment.
- Assess the practices in the Access Control (AC) domain.
- Assess the practices in the Awareness and Training (AT) domain.
- Assess the practices in the Audit and Accountability (AU) domain.
- Assess the practices in the Security Assessment (CA) domain.
- Assess the practices in the Configuration Management (CM) domain.
- Assess the practices in the Identification and Authentication (IA) domain.
- Assess the practices in the Incident Response (IR) domain.
- Assess the practices in the Maintenance (MA) domain.
- Assess the practices in the Media Protection (MP) domain.
- Assess the practices in the Personnel Security (PS) domain.
- Assess the practices in the Physical Protection (PE) domain.
- Assess the practices in the Risk Assessment (RA) domain.
- Assess the practices in the System and Communications Protection (SC) domain.
- Assess the practices in the System and Information Integrity (SI) domain.
To ensure your success in this course, you must have the foundational cybersecurity knowledge of the CMMC program, which you can obtain by taking the following course:
- CMMC: Organizational Foundations
- Microsoft® 365® license (which provides the Microsoft Office apps)
- Microsoft® Windows® 10 Professional
- Adobe® Acrobat® Reader®
- If necessary, software for viewing the course slides. (Instructor machine only.)
For this course, you will need one computer for each student and one for the instructor. Each computer will need the following minimum hardware configurations:
- Sufficient processor speed, RAM, and storage space for good system performance when running Windows and Microsoft 365.
- Mouse, keyboard, and monitor.
- High-speed, stable Internet connection.
- For the instructor's computer, a method to project and/or share the screen as needed for local and remote class participants.
Lesson 1: Protecting CUI with the CMMC Program
Topic A: Protect Controlled Unclassified Information
Topic B: Utilize the CMMC Source Documents
Lesson 2: Being an Assessor
Topic A: Identify Assessment Roles and Responsibilities
Topic B: Establish an Assessor Mindset
Topic C: Determine the OSC's Cybersecurity Environment
Lesson 3: Working Through an Assessment
Topic A: Identify Assessment Flow and Milestone Events
Topic B: Prepare to Work with the OSC
Topic C: Formalize the Plan
Topic D: Assess the Evidence
Topic E: Handle Non-Conformity Issues
Topic F: Finalize the Assessment
Lesson 4: Validating the Scope of a CMMC Assessment
Topic A: Define Scope Fundamentals
Topic B: Categorize the Assets
Topic C: Determine the OSC Context
Topic D: Define ESPs
Topic E: Validate the Assessment Scope
Lesson 5: Assessing the AC Practices
Topic A: Evaluate the AC Practices
Topic B: Identify AC Connections and Considerations
Lesson 6: Assessing the AT Practices
Topic A: Evaluate the AT Practices
Topic B: Identify AT Connections and Considerations
Lesson 7: Assessing the AU Practices
Topic A: Evaluate the AU Practices
Topic B: Identify AU Connections and Considerations
Lesson 8: Assessing the CA Practices
Topic A: Evaluate the CA Practices
Topic B: Identify CA Connections and Considerations
Lesson 9: Assessing the CM Practices
Topic A: Evaluate the CM Practices
Topic B: Identify CM Connections and Considerations
Lesson 10: Assessing the IA Practices
Topic A: Evaluate the IA Practices
Topic B: Identify IA Connections and Considerations
Lesson 11: Assessing the IR Practices
Topic A: Evaluate the IR Practices
Topic B: Identify IR Connections and Considerations
Lesson 12: Assessing the MA Practices
Topic A: Evaluate the MA Practices
Topic B: Identify MA Connections and Considerations
Lesson 13: Assessing the MP Practices
Topic A: Evaluate the MP Practices
Topic B: Identify MP Connections and Considerations
Lesson 14: Assessing the PE Practices
Topic A: Evaluate the PE Practices
Topic B: Identify PE Connections and Considerations
Lesson 15: Assessing the PS Practices
Topic A: Evaluate the PS Practices
Topic B: Identify PS Connections and Considerations
Lesson 16: Assessing the RA Practices
Topic A: Evaluate the RA Practices
Topic B: Identify RA Connections and Considerations
Lesson 17: Assessing the SC Practices
Topic A: Evaluate the SC Practices
Topic B: Identify SC Connections and Considerations
Lesson 18: Assessing the SI Practices
Topic A: Evaluate the SI Practices
Topic B: Identify SI Connections and Considerations
Appendix A: Evidence Collection Approach for CMMC Practices Levels 1 and 2
Appendix B: Additional CMMC Program Documentation