Introducing...
CMMC Engaged
Get access to our proven CMMC tools, training, and cybersecurity compliance experts under a single package, without paying for expensive consultants. For Department of War (DoW) contractors, IT teams, Managed Service Providers, and anyone facing or helping with CMMC compliance.
CMMC Compliance Software and Training for the Whole Team
CMMC compliance is not an IT problem; it is a whole-of-business challenge, from IT to HR to senior leadership. It is crucial that your organization understands what CMMC means for the entire team. CMMC Engaged is a subscription tier of our Totem™ CMMC Compliance Management tool that combines our proven CMMC GRC software with a robust CMMC Learning Management System (LMS). Rather than relying on standalone courses or one-time workshops, your entire team can leverage our expert-led CMMC training alongside the tools needed to manage ongoing compliance, all packaged into one subscription.
Leverage Totem's extensive CMMC learning content, or host your own!
Empower your team to confidently meet the CMMC requirements.
We're frequently adding new and updated training. Here's some of what you'll learn:
Overview of CMMC
- Why the Need for CMMC?
- Overview of the DFARS / NIST / CMMC Requirements
- Relationship Between Federal Government Information Types
- Summary of Contractual Clauses
- The CMMC Model
- CMMC Compliance Timeframes
- CMMC in a Nutshell
- CMMC Costs and Level of Effort
CMMC Scoping
- Where to Start with Cybersecurity Compliance
- How to Identify Controlled Unclassified Information (CUI)
- CUI Lifecycle Characterization in Totem™
- What is Scoping?
- FCI Scoping and Asset Categorization
- CUI Scoping and Asset Categorization
- Creating a Data Flow Diagram
Self-Assessments
- DFARS Clauses Requiring SPRS Access and Reporting
- DoW Assessment Methodology Overview
- Performing a NIST SP 800-171 Self-Assessment in Totem™
- How to Get Access to SPRS
- Reporting a NIST SP 800-171 Self-Assessment in SPRS
Building a System Security Plan (SSP)
- What is a System Security Plan?
- System Security Plan Requirements
- Example System Security Plan Policies
- Identifying Sources of Evidence
- Building a System Security Plan in Totem™
Building a Plan of Action & Milestones (POA&M)
- What is a Plan of Action & Milestones?
- Features of a Quality Corrective Action Plan
- POA&Ms in the CMMC Rule
- Creating a POA&M in Totem™
CMMC Level 1 and FAR 52.204-21 / FAR 52.240-93
- Cybersecurity Capabilities Required for CMMC Level 1
- How to Display the CMMC Level 1 Controls in Totem™
- Understanding the CMMC Level 1 Access Control Requirements
- Understanding the CMMC Level 1 Identification and Authentication Requirements
- Understanding the CMMC Level 1 Media Protection and Sanitization Requirements
- Understanding the CMMC Level 1 Physical Protection Requirements
- Understanding the CMMC Level 1 System and Communications Protection Requirements
- Understanding the CMMC Level 1 System and Information Integrity Requirements
- Reporting a CMMC Level 1 Self-Assessment in SPRS
CMMC Level 2, NIST SP 800-171, and C3PAO Assessments
- NIST 800-171 Revision 2 vs. Revision 3
- Reporting a CMMC Level 2 Self-Assessment
- What is a C3PAO?
- How Do I Know I'm "Ready" for a CMMC Level 2 C3PAO Assessment?
- What to Expect During a CMMC Level 2 C3PAO Assessment
- C3PAO Assessment Phase 1: Conduct the Pre-Assessment
- C3PAO Assessment Phase 2: Assess Conformity to Security Requirements
- C3PAO Assessment Phase 3: Complete and Report Results
- C3PAO Assessment Phase 4: Issue Certificate and Clouse Out POA&M
External Service Providers
- What is an External Service Provider?
- What is a Shared Responsibility Matrix?
- What is FedRAMP?
- Which Cloud Services Can I Use?
- When Do I Need to Use FIPS-Validated Cryptography?
Enclaves
- What Does it Take to Claim an Enclave?
- Benefits of an Enclave Approach
- Types of Enclaves
- Enclave SSP Templates in Totem™
Totem
Our trusted CMMC Compliance Management platform for you to manage, document, and prove your CMMC compliance.
CMMC Training Portal
A robust LMS with carefully curated content designed to help your staff learn how to achieve and maintain CMMC.
Support
Access to weekly one-on-one consultation plus an exclusive monthly live Q&A forum with our expert instructors.
Frequently Asked Questions
Can my company include its own training content in the LMS?
Yes! If your organization has created (or wants to create) its own CMMC training (e.g., training for a specific role or function), we can host the training content in the LMS for you. Let us know if this interests you.
Who is the training intended for?
The training is intended for anyone with a hand in your organization's CMMC compliance efforts. Typically, this will include areas such as senior leadership, IT, security, operations, engineering, HR, quality, legal, and procurement.
Who are good candidates for CMMC Engaged?
Good candidates for CMMC Engaged include any Department of War (DoW) contractors facing CMMC compliance. Non-DoW contractors required to implement NIST SP 800-171 to protect Controlled Unclassified Information (CUI) are also good candidates.
I'm an IT Managed Service Provider (MSP). Can I offer CMMC Engaged to my clients?
Yes, you may, and this is achieved through the Expert subscription tier of Totem. You can indicate interest here.
I'm a Prime contractor. Can I offer CMMC Engaged to my supply chain?
Yes, you may, and this is achieved through the Enterprise subscription tier of Totem. You can indicate interest here.