US flag US
888-843-8733
888-843-8733

CMMC 2.0 and NIST SP 800-171 Compliance Training

Course 2074

  • Duration: 4 days
  • Language: English
  • Level: Intermediate

Recent sweeping updates to the U.S. Department of Defense Cybersecurity Maturity Model Certification (CMMC) requirements have left the consultants, contractors, and the Defense Industrial Base (DIB) questioning where this leaves us and how to proceed. This course is intended to address the questions of what CMMC 2.0 is all about, how certification will work under the new model, the SP 800-171 requirements that must be satisfied and how to meet them, and what this means for DoD contracting organizations.

These exact 800-171 requirements cover all Non-Federal Organizations (NFOs) that handle U.S. Federal Government controlled unclassified information. This course will also feature self-attestation guidance and will help organizations meet the external 3rd party assessments that will still be required for a subset of businesses handling protected U.S. Federal Government information.

CMMC 2.0 and NIST SP 800-171 Training Delivery Methods

  • In-Person

  • Online

CMMC 2.0 and NIST SP 800-171 Training Course Information

CMMC 2.0 and NIST SP 800-171 Training Course Benefits

  • Understand and comply with the new CMMC 2.0 framework
  • Assess CMMC 2.0 and CMMC 1.0 differences and repercussions to your organization
  • Meet NIST SP 800-171 requirements
  • Perform self-assessments conforming to DFARS standards and generate a SPRS score
  • Identify which contract levels are subject to independent assessments
  • Satisfy third-party CMMC 2.0/SP 800-171 assessments
  • Maintain an acceptable security posture over the contract lifecycle
  • Continue learning and face new challenges with after-course one-on-one instructor coaching

CMMC 2.0 and NIST SP 800-171 Training Course Prerequisites

Prior security experience is helpful but not necessary. Critical thinking skills and the ability to make decisions are key.

CMMC 2.0 and NIST SP 800-171 Training Outline

  • Acknowledging the importance of protecting US Government information
  • Recognizing categories of protected information
  • Describing protected information and the law
  • Defining types of security failures
  • Judging the impact of security failures
  • Defining risk
  • Identifying threats and vulnerabilities in organizational systems
  • Recognizing motivations for data compromise
  • Identifying characteristics of threat actors
  • Describing CMMC Goals
  • Synopsizing CMMC Evolution
  • Defining the model tiers
  • Describing the four CMMC 2.0 program phases
  • Listing assessment requirements
  • Explaining model implementation
  • Charting the CMMC implementation timeline
  • Describing NIST SP 800-171, SP 800-171A, and SP 800-172
  • Categorizing security controls
  • Identifying SP 800-171 control families
  • Describing SP 800-171 security control structure
  • Explaining the importance of basic assumptions underlying SP 800-171
  • Identifying NARA CUI categories and markings
  • Verifying confidentiality impact level
  • Identifying special considerations for classified defense information
  • Determining the organizational system boundary
  • Building the System Security Plan
  • Determining the security control baseline
  • Assessing the need for enhanced assurance
  • Updating the System Security Plan
  • Tailoring the security control baseline
  • Selecting the approach to securing organizational systems
  • Implementing security controls
  • Documenting security control implementation, compliance, and effectiveness
  • Building the Security Assessment Plan
  • Assessment methodologies
  • Assessment optimization
  • Assessing security control compliance and effectiveness
  • Documenting security control compliance
  • Completing the System Security Plan
  • Building the Plan of Action and Milestones (POA&M)
  • Requesting CMMC waivers
  • Compiling the assessment report
  • Preserving an acceptable system security posture
Get This Course $2,990 $2,659 For Team Prices Call: 888-843-8733
  • 4-day instructor-led training course
  • Learning Tree end-of-course exam included
  • After-course instructor coaching included
#2074
  • Mar 25 - 28 9:00 AM - 4:30 PM EDT
    Herndon, VA or Virtual
  • Apr 30 - May 3 9:00 AM - 4:30 PM EDT
    Virtual
  • Jun 11 - 14 9:00 AM - 4:30 PM EDT
    Herndon, VA or Virtual
  • Sep 3 - 6 9:00 AM - 4:30 PM EDT
    Herndon, VA or Virtual
  • 4-day instructor-led training course
  • Learning Tree end-of-course exam included
  • After-course instructor coaching included
#2074
  • Mar 25 - 28 9:00 AM - 4:30 PM EDT
    Herndon, VA or Virtual
  • Apr 30 - May 3 9:00 AM - 4:30 PM EDT
    Virtual
  • Jun 11 - 14 9:00 AM - 4:30 PM EDT
    Herndon, VA or Virtual
  • Sep 3 - 6 9:00 AM - 4:30 PM EDT
    Herndon, VA or Virtual
  • Bring this or any training to your organization

  • Full-scale program development

  • Delivered when, where, and how you want it
  • Blended learning models
  • Tailored content
  • Expert team coaching
#2074
Questions about this course?
* Required Fields
Customize Your Team Training Experience

Fill out the form below or call 888-843-8733

* Required Fields
Preferred method of contact:

Need Help Finding The Right Training Solution?

Our training advisors are here for you.

Contact Us

CMMC 2.0 and NIST SP 800-171 Training FAQs

Organizations Seeking Approval (OSC) personnel, including:

  • System development life cycle personnel (e.g., program managers, mission/business owners, information owners/stewards, system designers and developers, system/security engineers, and systems integrators).
  • Personnel with system security or risk management and oversight responsibilities (e.g., chief information officers, chief information security officers, system owners, information system security managers).
  • Security assessment and monitoring personnel (e.g., auditors, system evaluators, assessors, verifiers/validators, analysts).
  • Third parties providing CMMC 2.0 implementation and assessment support services.

No. C3PAOs will be needed to assess the OSCs requiring a Level 2 Assessment. Keep in mind that Level 2 is bifurcated, and some OSCs will be able to self-attest.

No, NIST is the What, and CMMC is the How. They are both needed and play an integral role in the new cyber security mandate.

Yes, this will lay a great foundation prior to attending Course 2072, Certified Professional CMMC Training (CCP), and sitting for the CCP Certification exam.

Related Courses

  • CMMC
    Certified Professional CMMC Training (CCP)

    The Cybersecurity Maturity Model Certification (CMMC) Training Course prepares students for the Cyber-AB Certified CMMC Professional (CCP) certification.

    Foundation
    5 days
    Online or In-class
    Starts from $3,495
  • CMMC
    Certified CMMC Assessor Training (CCA)

    This Certified CMMC Assessor Training course prepares you to become a Certified Assessor Level 1, which enables you to conduct maturity level 1 assessment.

    Intermediate
    5 days
    Online or In-class
    Starts from $3,495
  • Learning Tree
    NIST Training: Assess & Manage Risk

    In this NIST training course (Cybersecurity Framework), US government employees will learn how to meet all cyber laws & regulations in their agency.

    Intermediate
    4 days
    Online or In-class
    Starts from $2,990
Chat With Us