cmmc.southernct.eduCybersecurity Maturity Model Certification (CMMC) at Southern Connecticut State University

Southern Connecticut State University Request Information Contact Search for: Home Subject Matter Experts Instructors Search for: Cybersecurity Maturity Model Certification (CMMC) JChan 2023-10-09T13:13:59-04:00 Cybersecurity Maturity Model Certification (CMMC) Loading... Help protect our global supply chain and keep America safe Register Now Request Information 2023 Course Dates Aug 1, 2023 (Lunch) September 5, 2023 (Evening) October 2, 2023 (Lunch) November 6, 2023 (Evening) December 4, 2023 (Lunch) January 8, 2024 (Evening) February 5, 2024 (Lunch) March 4, 2024 (Evening) April 1, 2024 (Lunch) May 6, 2024 (Evening) June 3, 2024 (Lunch) Take Your Pick Our course classes meet for 75 minutes, two (2) days each week Course duration: Five (5) weeks, for a total of Ten (10) classes Classes commence at either 12 noon Lunch Class”, or 6 pm Evening Class”, to suit your busy schedule In addition, your instructor will hold office hours twice per week to answer questions and allow further collaboration between attendees. All Course Material is developed by Southern Connecticut State University (SCSU) and is Authorized and Approved by The Cyber AB (formerly called CMMC-AB) which is the official accreditation body and non-governmental partner of the US Department of Defense. Approved for use by Licensed Training Providers (LTPs). What is CMMC? In 2019 the Department of Defense (DoD) announced the creation of the Cybersecurity Maturity Model Certification (CMMC) program to govern the Defense Industrial Base (DIB). CMMC relies on self-assessments and requires Third-Party Assessment Organizations (C3PAO) to certify a company’s compliance. CMMC builds from DFARS/NIST 800-171 (earlier cyber protocols) but also includes controls from other cybersecurity frameworks. Where CMMC differs is in the maturity model, the required certification of participants, and the added role of third-party assessors. The Maturity Model essentially expresses a framework of added protocols for increasingly sensitive information. On November 4, 2021 the Department of Defense unveiled an update to the Cybersecurity Maturity Model Certification framework – CMMC 2.0 – to streamline compliance, increase flexibility, and lower the cost for manufacturers and IT providers within the DIB. Essentially, the Maturity Levels were consolidated from five (5) to just three (3) levels. CMMC 2.0 supersedes 1.0 and allows Level 1 and some Level 2 companies to self-assess and forgo the cost of third-party assessments. Modules of our approved course material: Introduction to Cybersecurity Maturity Model Certification In 2019 the Department of Defense announced the creation of the Cybersecurity Maturity Model Certification (CMMC) to replace the self-reporting of cyber hygiene that used to govern the DIB. CMMC puts an end to self-assessment and requires a third-party assessor to verify the cybersecurity maturation level. The CMMC builds from NIST 800-171 but also includes controls from other cybersecurity frameworks. Where CMMC differs is in both the maturation model and the role of third-party assessors. The CMMC defines 17 domains of cyber hygiene that are comprised of hundreds of objectives. In fact you need to meet 705 objectives at CMMC Level Three. Many of these objectives, up to 70% do not rely on or require a technical solution. In this module we will learn and explore the aspects and elements of CMMC and explain its overall importance to different stakeholders by asking: What kind of sensitive data does CMMC seek to protect? How did CMMC become federal policies? What foundational documents and regulations spell out the requirements for CMMC? History and Players of CMMC On February 24 th , 2021, President Biden signed an Executive Order to protect our supply chains. CMMC seeks to protect the global Defense supply chain by creating a baseline of cybersecurity. This baseline began to unfold in the Federal Information Management Security Act passed in 2002. In this module we will trace the history of CMMC, from the regulations to the players in the ecosystem from FISMA to today. Securing Sensitive Data Compliance with CMMC requires the protection of two types of data: Federal Contract Information and Controlled Unclassified Information. Understanding how these data work help ensure CMMC compliance. In this module we will learn the differences between types of data and the legal responsibilities of authorized holders. You will write sample policies and examine procedures to protect CUI. View Reading Chapter Sample Cybersecurity Ethics Cybersecurity Maturity Model Certification will have massive impacts on businesses. Millions of dollars in contracting can vanish if a company fails an assessment. This makes ethics an utmost concern of the CMMC-AB. In this module we will trace the roots of cybersecurity ethics. We will then review specific policies of the CMMC-AB and consider malicious and accidental internal threats around Conflict of Interest. Knowing Your Scope A Certified CMMC Professional will need to provide scoping guidance to Organizations Seeking Certification. Understanding data flow diagrams and how sensitive data transverse your people, processes, and technologies will impact the bottom line. In this module we will define three levels of scoping, we will then discuss elements of network diagramming, and scoping using a segmented zone approach. CMMC Methodology As a CCP you will want to coach an Organization Seeking Certification on the CMMC Assessment Process. This involves four phases designed to assess an OSC over a period of six to eight weeks. In this module we will go through the four phases, identify key levers at each phase and then build a fictional assessment team. Identity and Access Management The Department of Defense (DoD)’s Cybersecurity Maturity Model Certification (CMMC) is the latest step in the DoD’s program to protect controlled unclassified information (CUI), the defense industrial base (DIB), and the DoD’s supply chain. Controlling access to your network is an essential foundation for security. The domains in this chapter are all intended to help you control access to your networked environment. Controlling access is fundamental to ensuring CUI and other information is appropriately protected. In this module we’ll examine: WHO has access to your network? WHAT systems can be access? HOW is access to information controlled? WHERE can you confirm your control measures are being effective? People and Procedures Technology changes and evolves constantly; the specific security measures taken to protect any given technology must also evolve with it. One element in the security equation, however, remains constant: the human element. As humans, we have the ability to make mistakes or do something unexpected. A number of studies have shown that between 50% and 80% of all cybersecurity breaches are caused by human error. This number includes cases where a human was tricked into engaging with a malicious actor without realizing it. Training, awareness, and proper understanding of the risks associated with an activity are all important parts of protecting sensitive information. In this module we’ll examine: What is the difference between awareness and training? What elements make up a good personnel security plan? How can you apply the findings of security and risk assessments to building a solid security program? Technical Systems Protecting data isn’t just preventing unauthorized access; protecting data also requires making that data available to the people and processes that need it. Indeed, two of the three elements of the CIA triad, Integrity and Availability, are both descriptive of the timely usefulness of that data. The domains discussed in this module are all focused on ensuring that the data you have is accessible and useful when it is needed. In this module we’ll examine: How do you plan for the unexpected, such as a natural disaster? What are the best practices to ensure you...