
TRAINING

CMMC / NIST 800-171 Cybersecurity

Department of Defense Approved CMMC Training:

CMMC Certified Professional (CCP) 2.0

CMMC Certified Assessor (CCA)

Microsoft Security, Compliance, and Identity Fundamentals:

SC900

CompTIA: 

Self-Paced Virtual

ISC2 & ISACA Live Virtual Bootcamps

CYBERSECURITY SERVICES

APPROVED TRAINING PROVIDER (ATP)

CMMC accredited learning institution

  • "CMMC Certified Professionals" (CCP)

  • "CMMC Certified Assessors" (CCA) training

APPROVED PARTNER PUBLISHER (APP)

CMMC accredited learning material

CMMC-AB Approved Training Material (CATM) for use by ATPs

COMPTIA, ISC2 & ISACA

Self-Paced and Bootcamps


Red Mountain

FREQUENTLY ASKED QUESTIONS

CMMC FAQ

CyberDI

WHAT IS CMMC?

CMMC stands for Cybersecurity Maturity Model Certification. It is a standard for implementing cybersecurity measures across the Defense Industrial Base (DIB) supply chain.

WHAT IS THE PURPOSE OF CMMC?

The purpose of CMMC is to enhance the protection of Controlled Unclassified Information (CUI) within the DIB by ensuring that contractors implement appropriate cybersecurity controls and practices based on the sensitivity of the information they handle.

WHO NEEDS TO COMPLY WITH CMMC 2.0?

CMMC 2.0 is required of any defense contractor in the DoD supply chain, including both prime contractors and subcontractors. The required level of compliance is based on the type of information the company handles.

WHAT ARE THE THREE LEVELS OF CMMC 2.0?

The CMMC 2.0 model has three levels:

  • Level 1 (Foundational)
    Contractors must submit annual self-assessments to the DoD and comply with 17 NIST 800-171 controls

  • Level 2 (Advanced)
    Contractors must undergo third-party assessments every three years and comply with 110 NIST 800-171 practices

  • Level 3 (Expert)
    Contractors must comply with more than 110 practices aligned with the requirements of NIST 800-172 and complete triennial third-party assessments led by the government

HOW DO I KNOW WHAT LEVEL OF CMMC COMPLIANCE IS NEEDED FOR MY COMPANY?

CMMC levels are defined at the contract level. The RFP (Request for Proposal) will declare what CMMC level is required at contract award.
The Program Managers (PM), Contracting Officers (CO) and Contracting Officer's Technical Representatives (COTR) are good points of contact for understanding specific contract requirements.

WHAT IS THE DIFFERENCE BETWEEN CMMC 1.0 AND 2.0?

CMMC 2.0 is a slimmed-down version of the model with three compliance levels:

  • CMMC 2.0 Level 1 contains the same 17 practices

  • CMMC 2.0 Level 2 removed the “delta 20” extra practices

    • CMMC 2.0 Level 2 now contains 110 practices, each of which directly maps to the 110 controls found in NIST 800-171

  • CMMC 2.0 Level 3 combined CMMC 1.0 levels 4 and 5 into a single level

    • CMMC 2.0 Level 3 now contains all the controls mapped from NIST 800-172

WHAT IS THE DIFFERENCE BETWEEN NIST 800-171 AND NIST 800-172?

NIST 800-172 is a supplementary document to NIST SP 800-171. It is designed to help safeguard sensitive information on non-federal systems and applies to federal contractors that handle, process or store CUI on their networks.

WHAT IS THE DIFFERENCE BETWEEN CMMC 2.0 AND NIST 800-171?

CMMC 2.0 is an auditable implementation of NIST 800-171. Unlike NIST 800-171, CMMC 2.0 outlines assessment requirements through third-party certifications. NIST 800-171 does not include any certification requirements.

WHAT IS CONTROLLED UNCLASSIFIED INFORMATION (CUI)?

Controlled Unclassified Information (CUI) is information that requires safeguarding or dissemination controls pursuant to and consistent with applicable law, regulations, and government-wide policies but is not classified. CUI is not classified information. It is not corporate intellectual property unless created for or included in requirements related to a government contract.

CONTACT US

1530 Wilson Blvd, Suite 650, Arlington, VA 22209
