• IT & Cybersecurity Professionals managing networks for DoD contractors.
• Consultants & Managed Service Providers (MSPs) helping defense contractors achieve compliance.
• Compliance & Risk Officers navigating DFARS and NIST SP 800-171 requirements.
• Future Assessors looking to fulfill the prerequisite for the Certified CMMC Assessor (CCA) credential.

Assessment & Scoping Skills

• Precision Scoping: Accurately define the CMMC assessment boundary by identifying and categorizing assets (CUI Assets, FCI Assets, Security Protection Assets, and Out-of-Scope Assets).
• Evidence Evaluation: Master the methodology to Examine, Interview, and Test (EIT) to determine if a cybersecurity practice is fully implemented and functioning.
• Gap Analysis: Conduct thorough pre-assessments to identify vulnerabilities and compliance gaps within an organization's current IT infrastructure.

Technical & Compliance Skills

• NIST SP 800-171 Mastery: Translate complex NIST security controls into actionable IT configurations and policies.
• Documentation Auditing: Critically evaluate foundational compliance documents, including System Security Plans (SSPs) and Plans of Action & Milestones (POA&Ms), for accuracy and completeness.
• Data Flow Mapping: Trace the lifecycle and flow of Controlled Unclassified Information (CUI) and Federal Contract Information (FCI) across an organization's networks.

Strategy & Consulting Skills

• Readiness Strategy: Build a roadmap to guide Organizations Seeking Certification (OSCs) from their baseline security posture to successful CMMC certification.
• Assessment Team Participation: Seamlessly integrate into a Certified Third-Party Assessment Organization (C3PAO) team, understanding the exact workflow, tools, and reporting mechanisms used during an official assessment.
• Ethical Compliance: Apply the CMMC-AB Code of Professional Conduct to navigate conflicts of interest and maintain assessment integrity.

Module 1: The CMMC Ecosystem

• The Threat Landscape: Understanding the risks to the Defense Industrial Base (DIB).
• Roles & Responsibilities: Navigating the ecosystem (The DoD, Cyber AB, CAICO, C3PAOs, Assessors, and OSCs).
• Certification Lifecycle: How organizations prepare for, undergo, and maintain CMMC certification.

Module 2: CMMC-AB Code of Professional Conduct (Ethics)

• Guiding Principles: Professionalism, objectivity, and maintaining confidentiality.
• Conflict of Interest (COI): Identifying and mitigating internal and external threats to impartial assessments.
• Proper Use of Methods & Tools: Ethical application of assessment technologies and handling sensitive compliance data.

Module 3: Governance and Source Documents

• Understanding the Data: Differentiating between Federal Contract Information (FCI) and Controlled Unclassified Information (CUI).
• The Regulatory Foundation: Deep dive into FAR 52.204-21, DFARS 252.204-7012, 7019, and 7020.
• The NIST Connection: How CMMC maps to NIST SP 800-171 and NIST SP 800-172.

Module 4: CMMC Model Construct and Implementation

• CMMC 2.0 Architecture: Breakdown of the Maturity Levels (Level 1: Foundational, Level 2: Advanced, Level 3: Expert).
• Domains and Practices: Evaluating the implementation of cybersecurity practices across the 14 CMMC domains (e.g., Access Control, Incident Response, Asset Management).
• Evaluating Evidence: How to interview staff, examine documentation, and test systems to verify compliance.

Module 5: The CMMC Assessment Process (CAP)

• Phases of the CAP: From pre-assessment planning to the final report.
• Preparation & Readiness: Fostering a mature cybersecurity culture and conducting gap analyses.
• Conducting the Assessment: The daily realities of leading or participating in an assessment team.
• Reporting & Remediation: Managing POA&Ms (Plans of Action and Milestones) and conducting close-out assessments.

Module 6: Scoping

• Defining the Boundary: Using CMMC scoping guidance to determine what networks, systems, and personnel are "in-scope."
• Data Flow: Mapping how FCI and CUI move through an organization's people, processes, and technology.
• Network Segmentation: Strategies for limiting scope to reduce assessment costs and security risks.