DFARS Compliance with CMMC/NIST SP 800-171 Fundamentals
BAI’s CMMC CURRICULUM
All DoD contractors and subcontractors with systems that process, transmit or store Controlled Unclassified Information (CUI) must be compliant with the Defense Federal Acquisition Regulation Supplement (DFARS) cybersecurity requirements. These are specified in the DFARS Interim Rule based on NIST SP 800-171, and separately in the Cybersecurity Maturity Model Certification (CMMC) Level 3. Both apply controls from NIST SP 800-53, the catalog that forms the basis of the highly rigorous Risk Management Framework (RMF) for DoD Federal internal systems.
Given these common core components, and with BAI’s established leadership as the “go to” training and consulting experts on the Risk Management Framework (RMF), you can be confident that this training will provide you with the knowledge and skills you need to meet DFARS.
True to our motto of “We ARE RMF!”, the “DFARS Compliance with CMMC/NIST SP 800-171” curriculum has been designed by RMF practitioners who can offer you the industry standard for getting through the process of control implementation and assessment!
DFARS Compliance with CMMC/NIST SP 800-171 Fundamentals is a one-day class designed for participants to be able to :
- Identify who is impacted by the CMMC and NIST SP 800-171
- Identify when the requirements will take effect
- Differentiate requirements for FARS and DFARS
- Understand how controls/practices apply to cybersecurity risk management principles
- Determine the potential impact of the newly released Interim Rule
- Apply DoD CUI Registry guidance to determine CUI requirements
- Relate NIST SP 800-171 controls to CMMC Process and Practice maturity levels
- Explain the current state of cybersecurity assessment as it relates to the CMMC and NIST SP 800-171
DFARS Compliance with CMMC/NIST SP 800-171 Readiness Workshop
Those seeking more in-depth practical knowledge of specific requirements and implementation should consider attending the Readiness Workshop. The two days added to the Fundamentals class is conducted with a deeper dive into individual controls and assessment requirements.
At the completion of training, participants will be able to:
- Differentiate CMMC process maturity by associated levels and relevant indicators
- Identify relevant CUI guidance
- Determine specifications for establishing boundaries
- Differentiate requirements for CMMC versus NIST SP 800-171
- Analyze effective policy components to support process maturity
- Develop preliminary plans and associated evidence to support a cybersecurity self-assessment as well as an external assessment
- Follow procedures for the NIST SP 800-171 DoD Assessment Methodology, Version 1.2.1 (required in the new Interim Rule)
- Define components of an action plan and transition roadmap for CMMC or NIST SP 800-171 implementation
Who should attend?
The DFARS Compliance with CMMC/NIST SP 800-171 Readiness Workshop is suitable for contractors in the DoD community as this will be a requirement for all contractors going forward.
Discount pricing is available when this class is combined with RMF for DoD IT. Please contact us for details.
We have an assortment of supplemental classes that can be bundled with the RMF for DoD IT to enhance your RMF training experience. By bundling you can receive a considerable discount on the supplemental classes.
Private Group Classes
If you have a group of students (normally 8 or more), any of our training programs can be delivered at your site (in a suitable classroom facility), or in our Online Personal Classroom. Group classes offer significant savings over individual class registrations; the larger the class, the greater the savings.
Please click here to request a quote.
“Per student” fee for regularly-scheduled CMMC Readiness Workshop is as follows:
DFARS Compliance with CMMC/NIST SP 800-171 Readiness Workshop (three days) – $1,795
Payment options for regularly-scheduled training are as follows:
Credit card – Visa, MasterCard and American Express
SF182 – government entities may submit an SF182 for invoicing after completion of training
PO – purchase orders are accepted from government and major corporate entities