CMMC 2.0

This Cybersecurity Maturity Model Certification (CMMC) overview outlines the standard's requirements, why they are important for contractors working with the Department of Defense, and how to prepare for future certification. This updated course features a module on the changes and updates included with CMMC Version 2.0.

Course Content

CMMC Version 2.0


CMMC version 2.0
Where is CMMC Now?


CMMC Framework Deep Dive


Identifying CMMC DoD Requirements


Identifying CMMC DoD Requirements


Identifying CMMC DoD Requirements
Framework Definitions


Identifying CMMC DoD Requirements


Identifying CMMC DoD Requirements
Cyber Events


Identifying CMMC DoD Requirements
Course Overview


Identifying CMMC DoD Requirements
Get Started Now!


CMMC Implementation
Course Description

The Cybersecurity Maturity Model Certification (CMMC) combines various cybersecurity standards and best practices, and maps these controls and processes across different maturity levels from basic level cyber hygiene to advanced level. The goal is that for a given CMMC level, the controls and processes will reduce the risk of specific cyber threats. One goal of CMMC is for small businesses to be able to implement low-cost solutions to cyber threats.


No specific prerequisites are necessary to take this CMMC training; however, it is recommended that students have some experience in the cybersecurity industry and/or have familiarity with other frameworks, like NIST and CIS. It is also recommended that students be working in a government/military position.

Course Goals

By the end of this course, students should be able to:

  • Understand the CMMC Framework
  • Understand where CMMC is now
  • Get started with NIST SP800-171
  • Understand the updates from CMMC version 0.7 to version 2.0
  • What is CMMC Certification?

    The Cybersecurity Maturity Model Certification is a procedure developed by the U.S. Department of Defense (DoD) in an effort to ensure the security of the Defense Industrial Base (DIB). The DIB is a global industrial complex that allows research and development, design, production, delivery, and maintenance of military equipment including weapons systems and parts. There are over 100,000 DIB companies and subcontractors who work under contract with the DoD.

    In 2019, the DoD announced its intention to create this type of evaluation and certification program for cybersecurity, and the CMMC was born. The program certifies that the contractors working under the DoD have controls implemented that protect sensitive government data including Federal Contract Information and Controlled Unclassified Information (CUI).

    How Does the CMMC Program Work?

    The CMMC is designed to verify that contractors working with the DoD have the appropriate levels of cybersecurity processes and practices to ensure the protection of CUI and basic cyber hygiene. The controls that are to be evaluated consist of 17 sections or domains, including areas such as Access Control, Awareness and Training, Incident Response, Personnel Recovery, Risk Management, and more.

    When assessed, there are five cumulative levels of certification that organizations may receive. The levels range from basic hygiene to highly advanced controls. Every organization that intends to work with the DoD is required to be audited for compliance to the CMMC before bidding on a contract.

    The five CMMC certification levels of cyber hygiene are as follows:

  • Level 1: Basic
  • Level 2: Intermediate
  • Level 3: Good
  • Level 4: Proactive
  • Level 5: Advanced/Progressive
  • In the CMMC training course, students will dive into the specific control requirements of the 17 domains that are evaluated, as well as the definitions of each of the certification levels.

    Why Take this CMMC Training Course?

    Because the end goal of the DoD is that every contractor and subcontractor that wishes to conduct business with the DoD is CMMC certified, it’s essential that organizations understand the certification program and its requirements. Any individual or team of individuals who will be responsible for ensuring that proper cybersecurity controls are in place to be in compliance with CMMC standards should take this CMMC certification training course to become familiar with the program as well as the process of certification.

    The purpose of this training course is to ensure that appropriate cybersecurity personnel have a working understanding of how to implement security controls and how to submit a request for CMMC certification. It’s also to ensure that those cybersecurity professionals know what the requirements mandated by the DoD are for CMMC certification, so they can be prepared when it is launched.

    How Do Organizations Become Certified?

    The CMMC program will be phased in for some contractors and organizations working with the DoD starting in September 2020. When the program is completely operational, all entities that conduct business with the DoD will have to be certified to continue. Contractors and subcontractors alike will have to meet one of the five CMMC certification levels, demonstrating they have implemented cybersecurity sufficiently through the completion of independent audits.

    Organizations will be required to coordinate directly with independent auditing entities to request their CMMC assessments. The organizations must specify the level of certification they want to be certified for based on the type of business they intend to do for the DoD. Upon demonstration of the appropriate controls, maturity in capabilities, and organizational maturity to the satisfaction of the auditor, organizations will be awarded certification at the designated CMMC level.

    This course is part of a Career Path:
    No items found.

    Instructed by

    Dustin Sachs

    As a recognized expert in the field of cybersecurity, Dustin has run proactive risk assessments, incident response forensics, and worked in security operation centers (CSOCs) to strengthen the security posture for his client and employers and is a trusted partner in the immediate aftermath of cyber events.

    Dustin has submitted written and oral testimony in local, state, and Federal courts. He is a frequent thought leader and speaker on a wide variety of cybersecurity matters.

    Robert Ashcraft

    Bob is a Risk/Cybersecurity consultant and has over 30 years extensive IT Risk, IT SOX, IT governance, ITarchitecture, IT auditing, IT instructor, Cybersecurity, Project management, SSPs, Business development, Vendormanagement, training and assessment experience in the banking, retail, healthcare, pharmaceutical, university,government, manufacturing, insurance and transportation industries. Bob’s has extensive experience in IT SOX, ITCloud, CMMC, VPN, WAN/LAN-based Cyber-fraud / Cybersecurity for the government, commercial, healthcare,insurance, finance and banking industries. He also has IT experience in enterprise application via architecture,project management (Waterfall and SAFeAgile), Cyber-risk, IT SOX alignment and deployment within the AWS,Cloud, Unisys mainframe, IBM mainframe/mini, SAP, MS2016, AIX, Linux, UNIX, DB2, Sybase, Oracle, Citrix andWindows enterprise environments. His IT SOX, IT Risk, SSP and governance analysis assisted client’s implementation for achievement of short term and long-term goals for process improvements-PO&AMS. With ITSOX engagements and government contracts, Bob trains the Risk / IT auditors, managers and directors. Bob alsoworks with clients in the financial industry providing services, including internal IT audits, COSO 2013, DFARS,CMMC, COBIT 5, SOX, FHFA, HIPAA, FFIEC, FIDICA, Basel III, Model Audit Rule, NIST Cybersecurity frameworkand advisory services. He has extensive experience in pre implementation and post-implementation enterprisesoftware reviews. Bob assists in the integration of vendor’s Disaster Recovery and Business Continuity plans /programs, while maintaining company BCP, Risk and Governance regulation standards and analysis that providesimproved workflow processes for client’s teamwork environments. He presented agile, periodic and annual checklistreviews that increased awareness of absent user control considerations and exceptions. His management of ITaudit responsibilities for IT SOX and other government regulated engagements has provided the maximum 75%acceptance usage rate for external audit firms, which resulted in reduction of external audit firm’s resources, billinghours, and on-site time.

    Prior associations found Bob as an Accenture consultant where he fulfilled the CISO’s auditing and projectmanagement duties for a Top 3 international print firm’s digital pen project with Geisinger. Bob was also a CISO fora security firm, responsible for writing the company’s SOX security response, financial Performa’s and a 5-million-dollar appropriations bill for DHS, which was approved by the House and Senate. He also served as an InternalSenior Auditor for a $2 billion auto retail firm that utilizes IBM mainframe RACF technology. Bob provided supportfor Xerox Corporation projects in deploying diverse workflow processes within enterprise solutions for hospitals(code verification workflow forms), universities, commercial and government accounts with Citrix deployments ofapplications and intelligent medical process-flow forms. He also designed and implemented the first POS touchscreen application for KFC (PepsiCo).

    Bob is on the Board for InfraGard and Kiwanis and belongs to ASIS, NDIA, InfraGard, ISACA and IIA. He is aCertified Information Systems Auditor (CISA), Certified HIPAA Security Professional (CHSP), and is Certified inGovernance Enterprise Information Technology (CGEIT) and Certified in Risk Information Systems Control (CRISC). He is a graduate of Kutztown University (B.S., Business Administration), where he studied mainframe programming languages.

    Cybrary Logo
    Certification Body
    Certificate of Completion

    Complete this entire course to earn a CMMC 2.0 Certificate of Completion