Candidates who attend this training and pass the associated exam are;
CMMC Levels 1 through 3 consist of the security requirements specified in National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations; 20 additional CMMC practices; and 3 CMMC maturity processes per each of the 17 domains. Level 1 of CMMC addresses the protection of Federal Contract Information (FCI) and encompasses the basic safeguarding requirements for FCI specified in Federal Acquisition Regulation (FAR) Clause 52.204-21, which defines FCI as: Information, not intended for public release, that is provided by or generated for the Government under a contract to develop or deliver a product or service to the Government, but not including information provided by the Government to the public (such as on public websites) or simple transactional information, such as necessary to process payments. Department of Defense (DoD) contracts that specify the need for a contractor to process, store, or transmit FCI only require the contractor to comply with CMMC Level 1 practices. There is no CMMC process maturity assessed at Level 1.
CMMC Level 3 addresses the protection of Controlled Unclassified Information (CUI), which the National Archives and Record Administration (NARA) defines as:
Information that requires safeguarding or dissemination controls pursuant to and consistent with laws, regulations, and government-wide policies, excluding information that is classified under Executive Order 13526, or any predecessor or successor order, or Atomic Energy Act of 1954, as amended
As such, this course is designed to invoke knowledge on the conducting of these assessments by adhering to defined methodologies and practices.
During this course delegates will learn how to;
After assessment, delegates are;