CMMC-Organizational Practices, Student Edition
R 2132.10
($)
CMMC: Organizational Practices
Course Specifications
Course Number: ELK93–204_rev1.0n
Course Length: 5 days
Course Description
The Cybersecurity Maturity Model Certification (CMMC) program provides a standard model and process for conducting a conformity assessment of Department of Defense (DoD) suppliers and service providers. Organizations wanting to provide products and services to the DoD will be required to demonstrate their cybersecurity competency and compliance under the CMMC program. A rigorous Assessment Process is used to ensure that the relevant security controls have been effectively implemented and that there is evidence that these controls can be sustained.
This course covers identifying the scope of an Assessment, assessing the CMMC Level 2 practices, and using an established process and workflow to enable efficiencies during an Assessment.
Important: This curriculum product is not considered CMMC-AB Approved Training Material (CATM). Although it contains the same information covered in the CCP training materials, this course is not intended as certification preparation and does not qualify students to sit for the CMMC CP certification exam. Licensed Training Providers (LTPs) who are seeking to purchase official CATM should contact their Logical Operations account manager, or Client Services at assist@logicaloperations.com.
Course Objective: In this course, you will apply the CMMC Assessment Process to validate the performance of cybersecurity practices in the 14 domains derived from NIST SP 800-171.
You will:
- Protect CUI with the CMMC program.
- Establish the key elements of a CMMC Assessor's responsibilities.
- Work through an Assessment.
- Validate the context and scope of a Level 2 CMMC Assessment.
- Assess the practices in the Access Control (AC) domain.
- Assess the practices in the Awareness and Training (AT) domain.
- Assess the practices in the Audit and Accountability (AU) domain.
- Assess the practices in the Security Assessment (CA) domain.
- Assess the practices in the Configuration Management (CM) domain.
- Assess the practices in the Identification and Authentication (IA) domain.
- Assess the practices in the Incident Response (IR) domain.
- Assess the practices in the Maintenance (MA) domain.
- Assess the practices in the Media Protection (MP) domain.
- Assess the practices in the Personnel Security (PS) domain.
- Assess the practices in the Physical Protection (PE) domain.
- Assess the practices in the Risk Assessment (RA) domain.
- Assess the practices in the System and Communications Protection (SC) domain.
- Assess the practices in the System and Information Integrity (SI) domain.
Target Student: This course is designed for business and technical professionals who are interested in gaining a thorough understanding of how the CMMC Assessment Process works. This course is beneficial to employees of Defense Industrial Base (DIB) Organizations Seeking Certification (OSCs) because an understanding of how assessors think during an Assessment will ensure better Assessment readiness. Although achieving CMMC certification is not a goal of this training event, the material is presented from the Certified CMMC Assessor's (CCA) point of view, so you might see references to CCAs.
Prerequisites: To ensure your success in this course, you must have the foundational cybersecurity knowledge of the CMMC program, which you can obtain by taking the following course:
- CMMC: Organizational Foundations
Hardware Requirements
For this course, you will need one computer for each student and one for the instructor. Each computer will need the following minimum hardware configurations:
- Sufficient processor speed, RAM, and storage space for good system performance when running Windows and Microsoft 365.
- Mouse, keyboard, and monitor.
- High-speed, stable Internet connection.
- For the instructor's computer, a method to project and/or share the screen as needed for local and remote class participants.
Software Requirements
- Microsoft® 365® license (which provides the Microsoft Office apps)
- Microsoft® Windows® 10 Professional
- Adobe® Acrobat® Reader®
- If necessary, software for viewing the course slides. (Instructor machine only.)
Course Content
Lesson 1: Protecting CUI with the CMMC Program
Lesson 2: Being an Assessor
Lesson 3: Working Through an Assessment
Lesson 4: Validating the Scope of a CMMC Assessment
Lesson 5: Assessing the AC Practices
Lesson 6: Assessing the AT Practices
Lesson 7: Assessing the AU Practices
Lesson 8: Assessing the CA Practices
Lesson 9: Assessing the CM Practices
Lesson 10: Assessing the IA Practices
Lesson 11: Assessing the IR Practices
Lesson 12: Assessing the MA Practices
Lesson 13: Assessing the MP Practices
Lesson 14: Assessing the PE Practices
Lesson 15: Assessing the PS Practices
Lesson 16: Assessing the RA Practices
Lesson 17: Assessing the SC Practices
Lesson 18: Assessing the SI Practices
Appendix A: Evidence Collection Approach for CMMC Practices Levels 1 and 2
Appendix B: Additional CMMC Program Documentation
.jpg){kind=logo}
.jpg){kind=logo}
.jpg){kind=logo}
.jpg){kind=logo}
.png){kind=logo}
