Cybersecurity Maturity Model Certification (CMMC®)
Course number: CGICMMC40
The Cybersecurity Maturity Model Certification (CMMC), managed by the CMMC Accreditation Body (CMMC-AB), is a program through which an organization’s cybersecurity program is measured by their initial and ongoing compliance with applicable cybersecurity practices as well as their integration of corresponding policies and plans into their overall business operations. By Fiscal Year 2026, all organizations providing products or services to the United States Department of Defense (DoD) must obtain at least a Maturity Level 1 certification under this program.
In this course, you will examine the CMMC model (version 1.02), framework, context, and application within the DoD, as well as the expectations and requirements that will be imposed upon organizations that do business with the DoD. It will also help you to identify threats to cybersecurity and privacy within an IoT ecosystem and implement appropriate countermeasures.
- Identify risks within the defense supply chain and the established standards for managing them.
- Describe how the CMMC model ensures compliance with federal acquisitions regulations.
- Identify responsibilities of the CMMC Certified Professional, including appropriate ethics and behavior.
- Identify regulated information and establish the Certification and Assessment scope boundaries for evaluating the systems that protect that regulated information.
- Evaluate OSC readiness and determine the objective evidence you intend to present to the assessor.
- Use the NIST 800-171A and CMMC Assessment Guide to assess objective evidence for processes and practices.
- Implement and evaluate practices required to meet CMMC maturity level 1.
- Implement and evaluate processes and practices required to meet CMMC maturity level 2.
- Implement and evaluate processes and practices required to meet CMMC maturity level 3.
- Identify processes and practices required to meet CMMC maturity levels 4 and 5.
- Work through the logistics of a CMMC assessment, including planning for and conducting the assessment, as well as any follow-up processes, such as remediation and adjudication.
- To ensure your success in this course you should have some foundational education or experience in cybersecurity as well as general information technology. Auditing or assessment experience is also helpful.
This course provides a jump start on learning material that relates to the CMMC program as a whole, and to the planned Certified Professional (CP) certification in particular. It discusses the CMMC program, the CMMC Model version 1.02, and other CMMC materials as they exist as of the time of publication. The course may be of interest to individuals who wish to pursue the CMMC-CP certification when it is released. It may also be useful to stakeholders in organizations who will be involved in CMMC assessments, and who wish to gain a general understanding of the program and its requirements for their business planning purposes.
This is not official courseware, and has not been reviewed or approved by the CMMC-AB. When the official CMMC-CP certification exam is released, authorized training materials will also become available. CMMC-CP certification candidates will then need to complete authorized training in order to qualify to sit for the CMMC-CP exam.
Cybersecurity Maturity Model Certification (CMMC-CP)
Topic A: Identify Threats to the Defense Supply Chain
Topic B: Identify Regulatory Responses Against Threats
Topic A: Identify Limitations of Self-Certification
Topic B: Identify Benefits of CMMC
Topic C: Describe the CMMC Model Architecture
Topic A: Identify Responsibilities of the CMMC-CP
Topic B: Demonstrate Appropriate Ethics and Behavior
Topic A: Identify Regulated Information
Topic B: Establish the Certification and Assessment Scope Boundaries
Topic A: Evaluate Readiness
Topic B: Determine Objective Evidence
Topic A: Assess the Practices Using the CMMC Assessment Guides
Topic B: Assess the Processes Using the CMMC Assessment Guide Level 3
Topic A: Maturity Level 1 Domains and Practices
Topic B: Determine Scope Boundaries at Maturity Level 1
Topic C: Perform a Maturity Level 1 Gap Analysis
Topic D: Perform a Maturity Level 1 Evidence Validation
Topic A: Process Maturity Requirements for CMMC Levels 2 and 3
Topic B: Maturity Level 2 Practices
Topic C: Maturity Level 3 Practices
Topic A: Maturity Level 4 Processes and Practices
Topic B: Maturity Level 5 Processes and Practices
Topic A: Define the Assessment Logistics
Topic B: Resolve Assessment Related Issues