Cyber security professionals have their work cut out for them when it comes to navigating through the numerous industry regulations and guidance available surrounding the topic of cyber security. Which set of criteria applies to my organization…and why? New Horizons is here to assist in guiding your organization through today’s cyber security regulation and guidance and landscape. This course delivered over 3 half-day sessions will provide business owners, leaders, managers, implementors, and practitioners a comprehensive review of legal, regulatory, and policy requirements for businesses seeking to or presently handling protected data (FCI/CUI/CDI). Implementation guidance will include presenting and developing compliance requirements across diverse business environments and will discu


* Actual course outline may vary depending on offering center. Contact your sales representative for more information.

Learning Objectives

In this course, you will examine the current CMMC model (Version 1.02), framework, context, and application within the DoD, as well as the expectations and requirements that will be imposed upon organizations that do business with the DoD. It will also help you to identify threats to cybersecurity and privacy within an IoT ecosystem and implement appropriate countermeasures. You will gain the skills to Identify risks within the defense supply chain and the established standards for managing them; Describe how the CMMC model ensures compliance with federal acquisition regulations; Identify responsibilities of the CMMC Certified Professional, including appropriate ethics and behavior; Identify regulated information and establish the Certification and Assessment scope boundaries for evaluating the systems that protect that regulated information; Evaluate OSC readiness and determine the objective evidence you intend to present to the assessor; Use the NIST 800-171A and CMMC Assessment Guide to assess objective evidence for processes and practices; Implement and evaluate practices required to meet CMMC maturity level 1; Implement and evaluate processes and practices required to meet CMMC maturity level 2; Implement and evaluate processes and practices required to meet CMMC maturity level 3; Identify processes and practices required to meet CMMC maturity levels 4 and 5; Work through the logistics of a CMMC assessment, including planning for and conducting the assessment, as well as any follow-up processes, such as remediation and adjudication.

  • An overview of the CUI program

  • An overview of the CUI program, history, and current authorities.

  • An in-depth description

  • An in-depth description of current legal, regulatory, and policy requirements as it pertains to businesses handling protected data

  • Handling, marking, and destruction of protected data

  • Initial marking requirements
    Safeguarding controls and measures
    Training Requirements
    Retention and/or Destruction
    Information system and Device security
    Transfer outside of protected enclaves

  • Data privacy standards

  • Data privacy standards and methods (NIST SP 800-171, NIST SP 800-53, CMMC, FedRAMP, and Export Compliance/ITAR)

  • Encryption methods

  • Encryption methods and mechanisms (FIPS 140-2/3)

  • Instruction for development

  • Instruction for development of data flow diagrams and inventories

  • Enclave establishment and administration

  • Identification and Authentication
    Access and Authorization
    Device protection and management
    Leveraging 3rd Party Service Providers (e.g. Azure, AWS)
    Intrusion detection
    Incident Reporting and Recovery
    Data Management, Protection, and Recovery

  • Leveraging Control

  • Leveraging Control Inheritance

  • Compliance Assessments, tools, and 3rd Party Certifications

  • Preparing for your 3rd Party Assessment
    Initial/Recertification Requirements
    Best practices

  • Opportunities

  • Opportunities for cost savings and reduction


This course provides a jump start on learning material that relates to the CMMC program, and to the planned Certified Professional (CP) certification in particular. It discusses the CMMC program, the current CMMC Model, and other CMMC materials as they exist today. The course may be of interest to individuals who wish to pursue the CMMC-CP certification when it is released. It may also be useful to stakeholders in organizations who will be involved in CMMC assessments, and who wish to gain a general understanding of the program and its requirements for their business planning purposes




There are no stated prerequisites for this course. Please check with your representative for details.


Length: 2.0 days (16 hours)


Not Your Location? Change

Course Schedule:

To request a custom delivery, please chat with an expert.