Certified CMMC Professional Boot Camp
Start your CMMC journey by becoming a Certified CMMC Professional (CCP)! This five-day boot camp provides a comprehensive overview of the new Cybersecurity Maturity Model Certification requirements and prepares you to earn your CCP, which is the first step to becoming a Certified CMMC Assessor.
Earn your CCP, with exam insurance!
- Exam Insurance — If you don’t pass, we’ll cover your second attempt free!
- 100% Satisfaction Guarantee
- CCP exam payment
- Unlimited CCP practice exam attempts
- Five days of live, expert Certified CMMC Professional training
- Immediate access to Infosec Skills from the minute you enroll to 90 days after your boot camp
- Learn by doing with hundreds of additional hands-on courses and labs
- 90-day access to all boot camp video replays and materials
- Knowledge Transfer Guarantee
Certified CMMC Professional
The Certified Professional is a gateway to becoming a Certified Assessor, but it also certifies you as a valuable resource for consulting agencies, CMMC Third-Party Assessor Organizations (C3PAOs) and organizations needing CMMC support and guidance. Earning your CCP allows you to:
- Participate as an assessment team member under the supervision of a Certified Assessor
- Work towards becoming a Certified Assessor or Certified Instructor
- Validate your training and understanding of the CMMC for clients and employers
- Use the Certified CMMC Professional logo and be listed in the CMMC-AB Marketplace
CMMC-AB Licensed Training Provider and Licensed Partner Publisher
Infosec is a Licensed Training Provider (LTP) and a Licensed Partner Publisher (LPP) for the Cybersecurity Maturity Model Certification Accreditation Body (CMMC-AB), an independent accreditation entity created in January 2020 that’s responsible for establishing, managing, controlling and administering the CMMC assessment, certification, training and accreditation processes for the defense supply chain.
CMMC training overview
Developed by the Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD A&S) and other federal stakeholders, the Cybersecurity Maturity Model Certification (CMMC) assesses and enhances the cybersecurity posture of the Defense Industrial Base. The CMMC encompasses multiple maturity levels that range from “Basic cybersecurity hygiene” to “Advanced/progressive.” The required CMMC level will be specified in requests for information (RFIs) and requests for proposals (RFPs) for DoD contracts.
What you'll learn
- Understand the CMMC model, its history, need and development
- Articulate the CMMC model framework, its constructs and usage
- Demonstrate an understanding of applicable legal and regulatory guidance, roles and responsibilities as it pertains to the handling of controlled data (FCI/CUI) within the DoD
- Understand how to engage supplemental materials (such as NIST 800-171, ISO 27001) to further inform practice characterization
- Demonstrate how CMMC practices are influenced by the progression of CMMC maturity processes
- Demonstrate relationships between practices and their applicable capabilities/domains
- Understand the CMMC assessment methodology, its requirements and work flows
- Demonstrate an understanding of the Code of Professional Conduct/COE through practical example
CMMC Maturity Levels
The CMMC model has five levels for measuring cybersecurity maturity, and each level has a set of processes and practices. In this boot camp, you’ll learn what goes into each of the following levels:
- CMMC Level 1
- Processes: Performed
- Practices: Basic Cyber Hygiene
- CMMC Level 2
- Processes: Documented
- Practices: Intermediate Cyber Hygiene
- CMMC Level 3
- Processes: Managed
- Practices: Good Cyber Hygiene
- CMMC Level 4
- Processes: Reviewed
- Practices: Proactive
- CMMC Level 5
- Processes: Optimizing
- Practices: Advanced/Progressive
Who should attend
- Employees of DoD contractors that make up the Defense Industrial Base (DIB)
- Regulatory compliance officers and legal team members
- Cybersecurity managers
- Consultants looking to provide CMMC guidance
- Individuals starting the Certified CMMC Assessor or Certified CMMC Instructor career path
- Anyone looking to build a foundation of knowledge and skills around the new CMMC requirements
Citizen requirements
Certified Professionals and Certified Assessors must meet citizenship requirements defined by the CMMC-AB:
- Certified Professionals and CCA-1 Assessors: U.S. person (U.S. citizenship is required to participate as a team member on ML-2 assessments)
- CCA-3 and above: U.S. citizenship is required
- International C3PAOs: Must be a citizen of the country where the C3PAO is based, will be authorized only to assess contractors based in that country, and the U.S. Government must establish bi-lateral agreements with other countries with respect to CMMC prior to the issuance of any authorizations related to CMMC
Prerequisites
- College degree in a technical field or other equivalent experience (including military) OR
- 2+ Years in cyber or other information technology field
- CompTIA A+ Certification (or similar knowledge)
- Gain CMMC-AB approval of the submitted application as to education and experience requirements
- Complete the DoD Mandatory CUI Training
Everything you need to earn your CMMC-AB CCP
- Exam Insurance — If you don’t pass, we’ll cover your second attempt free!
- 100% Satisfaction Guarantee
- CCP exam payment
- 5 days live, expert CMMC instruction (live online or in-person)
- 90-day extended access to recordings of daily lessons
- 100s of additional hands-on courses and labs
- Knowledge Transfer Guarantee
Exam Insurance — we've got you covered.
If you don’t pass, we’ll cover your second attempt free!
CCP training schedule
Infosec’s CMMC training is more than just a boot camp. We support you before, during and after your live training to ensure you’re fully prepared for your exam — and get certified on your first attempt.
-
Before your boot camp
-
Start learning now. You’ll get immediate access to all the content in Infosec Skills the moment you enroll. Prepare for your live boot camp, uncover your knowledge gaps and maximize your training experience.
-
-
During your boot camp
-
Day 1
Purpose of the model
- Define domain of the model
- Supporting culture and guiding behavior
- Explain Federal Acquisition Regulation relationship
- Explain Defense Federal Acquisition Regulation relationship
- Define difference between FAR 52.204-21 and DFARS 252.204-7012
- Describe how NIST 800-171 has helped shape the CMMC
Maturation model
- Identify maturity level description
- Compare focus of maturation levels
- Define process maturity as institutionalization
- Describe cumulative processes of maturation level
- Describe cumulative cyber hygiene practices across level
- Identify capabilities across domains
Roles and responsibilities
- Describe C3PAO’s (Certified Third-Party Assessment Organizations) role
- Describe assessor’s (CCA-1, CCA-3, CCA-5) role
- Describe assessment team members’ role
- Describe OSC’s (Organization Seeking Certification) role
- Describe RPO’s (Registered Professional Organization) role
- Describe RP’s (Registered Practitioners) role and responsibilities
- Describe LPP’s (Licensed Partner Publisher) role and responsibilities
- Describe LTP’s (Licensed Training Provider) role and responsibilities
Roles of Certified Professional in the CMMC ecosystem
- Describe technical opportunities
- List external consultant opportunities
- Compare opportunities across CMMC ecosystem
Ethics
- Identify current and future legal obligations of contractors
- Define legal responsibility of C3PAO
- Compare legal differences between LPP and LTP
Day 2
DoD supply chain
- Describe expectations from DoD acquisitions
- Define defense industrial base
- Define difference between DIB and DSC
- Describe role of supply chain protecting DoD
- Describe the DoD expectations for supply chain contractors
- Identify types of information targeted by adversaries
- Evaluate consequences of non-compliance
Protecting information
- Define Federal Contract Information (FCI)
- Define Controlled Unclassified Information (CUI)
- Identify minimum federal contract Information
- Identify Controlled Technical Information
- Identify Export Controlled information
- Compare FCI and CUI
Day 3 and 4
CMMC documentation
- Understand organization of CMMC assessment guide
- Define connection to NIST SP 800-171A
- Use unique identifiers to identify practices and processes
- Use model matrix to identify practices and processes associated with a maturation model
- Use clarifications to find additional explanations
- Identify additional elements added to CMMC-AB
CMMC domains
For the following domains, you should be able to define the domain, utilize reference doc(s), identify where an assessor would look, identify who an assessor would ask, describe what an assessor would test, compare domain across maturation levels and distinguish associated capabilities:
- Access control (AC)
- Asset management (AM)
- Audit & accountability (AU)
- Awareness & training (AT)
- Configuration management (CM)
- Identification & authentication (IA)
- Incident response (IR)
- Maintenance (MA)
- Media protection (MP)
- Personnel security (PS)
- Physical protection (PE)
- Recovery (RE)
- Risk management (RM)
- Security assessment (CA)
- Situational awareness (SA)
- System & communications protection (SC)
- System & information integrity (SI)
Day 5
Assessment team protocols
- Assessment as partnership
- Compare audits and assessments
- Define characteristics of an assessment
- Describe guiding principles of assessment
- Write feedback based on assessment data
- Assessment team member role
- Label steps in assessment methodology
- Utilize CMMC appendices to identify observable evidence
- Describe assessment team role
Certified CMMC Professional (CCP) exam review
-
-
After your boot camp
-
Your Infosec Skills access extends 90 days past your boot camp, so you can take additional time to prepare for your exam, get a head start on your next certification goal or start earning CPEs.
-
Sign up