Skip to main content

Training Overview

DFARS Compliance with CMMC/NIST SP 800-171 Fundamentals

(One Day)


All DoD contractors and subcontractors with systems that process, transmit or store Controlled Unclassified Information (CUI) must be compliant with the Defense Federal Acquisition Regulation Supplement (DFARS) cybersecurity requirements. These are specified in the DFARS Interim Rule based on NIST SP 800-171, and separately in the Cybersecurity Maturity Model Certification (CMMC) Level 3.  Both apply controls from NIST SP 800-53, the catalog that forms the basis of the highly rigorous Risk Management Framework (RMF) for DoD Federal internal systems.

Given these common core components, and with BAI’s established leadership as the “go to” training and consulting experts on the Risk Management Framework (RMF), you can be confident that this training will provide you with the knowledge and skills you need to meet DFARS.

True to our motto of “We ARE RMF!”, the “DFARS Compliance with CMMC/NIST SP 800-171” curriculum has been designed by RMF practitioners who can offer you the industry standard for getting through the process of control implementation and assessment!


The DFARS Compliance with CMMC/NIST SP 800-171 Fundamentals  class is intended to help participants gain foundational knowledge of the process and general information to begin the decision-making process.  The learning objectives are designed so that participants will be able to:

  • Identify who is impacted by the CMMC and NIST SP 800-171
  • Identify when the requirements will take effect
  • Differentiate requirements for FARS and DFARS
  • Understand how controls/practices apply to cybersecurity risk management principles
  • Determine the potential impact of the newly released Interim Rule
  • Apply DoD CUI Registry guidance to determine CUI requirements
  • Relate NIST SP 800-171 controls to CMMC Process and Practice maturity levels
  • Explain the current state of cybersecurity assessment as it relates to the CMMC and NIST SP 800-171

DFARS Compliance with CMMC/NIST SP 800-171 Readiness Workshop

(Three Days)

Those seeking more in-depth practical knowledge of specific requirements and implementation should consider attending the Readiness Workshop. The two days added to the Fundamentals class is conducted with a deeper dive into individual controls and assessment requirements.


At the completion of training, participants will be able to:

  • Differentiate CMMC process maturity by associated levels and relevant indicators
  • Identify relevant CUI guidance
  • Determine specifications for establishing boundaries
  • Differentiate requirements for CMMC versus NIST SP 800-171
  • Analyze effective policy components to support process maturity
  • Develop preliminary plans and associated evidence to support a cybersecurity self-assessment as well as an external assessment
  • Follow procedures for the NIST SP 800-171 DoD Assessment Methodology, Version 1.2.1 (required in the new Interim Rule)
  • Define components of an action plan and transition roadmap for CMMC or NIST SP 800-171 implementation

Training Goals

The primary goal of the DFARS Compliance with CMMC/NIST SP 800-171 Readiness Workshop is to provide detailed practical application based DFARS training that will help DoD contractors work through DFARS requirements towards certification in the most efficient means possible. At the completion of training we anticipate students to have met the following goals:

  • Have a working understanding of the process of implementing security controls and submitting a DFARS package
  • Possess the knowledge to meet all DFARS requirements as mandated by DoD
  • Understand the expectations of DoD as outlined in DFARS guidance

Who should attend?

The DFARS Compliance with CMMC/NIST SP 800-171 Readiness Workshop is suitable for contractors in the DoD community as this will be a requirement for all contractors going forward.


3 days

The full DFARS Compliance with CMMC/NIST SP 800-171 Readiness Workshop is three days.

Delivery Methods

BAI training programs are offered on a regularly-scheduled basis in

Colorado Springs | Huntsville | National Capital Region | Pensacola | San Diego

Training is also available online (instructor-led) via our  Online Personal Classroom™ technology.

Please click here for a schedule of upcoming classes.

Private Group Classes

If you have a group of students (normally 8 or more), any of our training programs can be delivered at your site (in a suitable classroom facility), or in our Online Personal Classroom. Group classes offer significant savings over individual class registrations; the larger the class, the greater the savings.

Please click here to request a quote.

Payment Options

Payment options for regularly-scheduled training are as follows:

Credit card – Visa, MasterCard and American Express
SF182 – government entities may submit an SF182 for invoicing after completion of training
PO – purchase orders are accepted from government and major corporate entities

How to Register

Registration for regularly-scheduled classes can be completed in two ways:

Online (recommended)

Click here for online registration and payment.

By FAX or e-mail

Click here for a printable registration form.

RMF education doesn’t stop when your class ends!

TrainPlus™ is a monthly, invitation-only teleconference with one of our BAI RMF subject matter experts. If you have questions lingering from your training, or you’ve encountered a problem implementing RMF in the “real world”, we are here to help you. Regardless of whether you attend RMF training in one of our BAI classroom locations, our Online Personal Classroom, or on-site at your agency/company location, there is never any additional charge for this “post training support”.