CMMC Training and Certification

CMMC Certification Training Courses

The US Department of Defense has named the Cybersecurity Maturity Model Certification (CMMC) program as the cybersecurity benchmark for Organizations Seeking Certification (OSC), its partner, subsidiaries, host units and businesses. The collection of businesses and organizations, called the “Defense Industrial Base ” is the group of organizations, large and small, that contract or provide services to the Department of Defense. Maintaining adherence to the CMMC will help to reduce cybersecurity risk by protecting Federal Contract Information (FCI) and Controlled Unclassified Information (CUI).

SteelToad’s CMMC training is designed to teach students about the CMMC Model, its standards, and how to align their cybersecurity architecture with the CMMC model to lower the risk of cyber-attacks in your environment. The Cybersecurity Maturity Model Certification (CMMC) is a key DoD program and is expected to be formally released in Q4 2024.

Prior to the formal release of the CMMC version 2.0 model, the Department of Defense is encouraging organizations to implement CMMC to align with the model now. It gives organizations a year to enhance systems in place currently, to ensure that the organization’s IT architecture, policies, and procedures are ready to go with the formal release. SteelToad is currently assisting clients in the creation of policies, procedures, and the technical implementation of a secure CMMC enclave in FedRamp moderate and high environments. To discuss CMMC, implementation, training, and/or clarification regarding the process, please schedule a conversation with our SteelToad team!

Why Choose SteelToad?

Your CMMC experience should begin with SteelToad.

SteelToad: Three for the price of one!

1. SteelToad is a Licensed Training Provider. (NECESSARY)
2. SteelToad is a Certified CMMC C3PAO. (BONUS!)
3. SteelToad has been assessed by DoD DIDCAC and scored 110/110 as a CMMC Professional Organization (BONUS!)

When students register for a SteelToad CMMC Certified training course, we want our students to approach the CMMC model and grasp the entire “CMMC big picture” – not just the CMMC model definitions. Understanding the CMMC model as a set of standards is necessary, however, it’s crucial to comprehend how to use the CMMC model in your organization. SteelToad’s CMMC training courses are taught by instructors who have firsthand experience teaching the CMMC model, firsthand experience appraising organizations against the CMMC model, and 25 years of experience as professionals delivering technology solutions in federal environments.

SteelToad Instructors: Three for the price of one!

1. Yes. We are certified CMMC Instructors. We know the model. We know how to teach. (NECESSARY!)
2. Yes. We are certified CMMC appraisers. We know how to apply the model. We know what assessors are looking for, as we are assessors. We understand how to align the standards within FedRamp Moderate and High environments in an organization. (BONUS!)
3. Yes. We have successfully implemented CMMC-compliant environments for our partners. We understand how to efficiently create an environment to fulfill all the standards outlined in the CMMC model. (BONUS!)

SteelToad in the CMMC Ecosystem: Proven!

1. We have successfully trained students in CMMC CCP Training Courses.
2. We have successfully trained students in the CMMC CCA Training Course.
3. We have successfully completed CMMC Assessments under the Voluntary Assessments of Organizations Seeking Certification (OSCs) under the authority of the DoD’s Joint Surveillance Program. We have a showcase of successful CMMC clients. CMMC assessments were conducted for large multi-location organizations, Defense Contractors, metals and industrial products manufacturers, and architecture and engineering (AE) firms, resulting in referenceable clients.
4. We have successfully designed and implemented secure CMMC enclaves for the DIB, including policies, procedures, and plans to meet the CMMC. Our CMMC engagements are organized, thorough, and efficient. We have been told, “We know what we are doing and are worth every dime”.

SteelToad: A lot of EXTRA!

So, if you are a student and you are trying to determine where to take your CMMC training, make sure to understand the instructor’s credentials and the organization. Did the instructor ever implement a CMMC secure enclave that was assessed? Did the instructor participate in prior CMMC assessments? With SteelToad, you are getting much more than an instructor who understands the model – you are learning from an assessor who has implemented CMMC in FedRamp moderate and high environments… That’s a lot of extra.

Have we convinced you yet?

SteelToad was the 11th company awarded as a CMMC C3PAO. Our team was successfully assessed by the Department of Defense in April 2022.

We know what we are doing.

We are happy to share.

Sign up for one of our CMMC Training courses here.

Who Should Take CMMC Certified Professional (CCP) Training Courses?

Professionals seeking a further understanding of the CMMC Model should register for the SteelToad CMMC Certified Professional Course (CCP). Cybersecurity and quality professionals in your organization, as well as any other team members interested in learning about the NIST 800-171 requirements and the CMMC as you apply cybersecurity within your business.

CMMC Certified Professionals have two “official” roles with a CMMC CCP certification:

1. CMMC Consultant
2. CMMC Assessment Team Member

Professionals who want to understand the CMMC model and ensure their environments are compliant with NIST 800-171 are enrolling in SteelToad CMMC CCP training courses to learn about the model and support the alignment of internal processes to the CMMC model in preparation for upcoming certification requirements.

A SteelToad CMMC Certified Professional Course will provide you with a five-day learning experience driven by instructors who have been immersed in delivering secure information CMMC solutions to customers in the federal marketplace.

The concepts, applications, and methodology from knowledgeable instructors with real-world examples will be covered in this CCP course.

• Identifying threats to the defense supply chain
• Understanding the established regulations and standards to manage cybersecurity risk
• Identifying sensitive information that must be protected in the defense supply chain.
• Define the CMMC Model and learn how to comply with federal regulations
• Understand all responsibilities of a CMMC Certified Professional
• Assess Objective Evidence for best practices using the CMMC Assessment Guides.
• Identify processes and practices in CMMC Levels 1 and 2
• Understand the scope and logistics of a CMMC Assessment.

Prerequisites: CMMC (CCP) Training Course

In order to sign up for a SteelToad CMMC Certified Professional Training course, a student should have a few prerequisites.

The first requirement is a bachelor’s degree in a cyber or information technology discipline with at least two years of experience or two years of equivalent experience in a cyber, information technology, or assessment sector. If you want to be a CCP who participates in a CMMC Assessment Level 2 Assessment, you must be a US citizen. Anyone may take the CCP course, even if you are not a US citizen. It is recommended you have a CompTIA A+ or comparable knowledge/experience; however, not required.

If you meet the above requirements, you may attend the Certified CMMC Professional (CCP) class, which will be led by a certified CMMC Instructor. 100% of SteelToad’s instructors are also Certified CMMC Assessors.

After taking the CCP training course, students will need to successfully earn an 80% or higher on the CCP exam. SteelToad provides mock practice exams for you to evaluate your knowledge. Students will need to complete the DOD CUI Awareness Training within three months of taking the CCP exam. After passing both the CCP exams, you can participate as a CMMC Assessment Team for a Maturity Level 2 Assessment. CCPs will be listed on the CMMC Marketplace.

There are fees associated with the CCP certification including registration and application fees, CCP training course fees, individual exam fees, and annual certification renewal fees.

If students are interested in continuing with more CMMC education and training, the next step is to become a Certified CMMC Assessor (CCA).

What Is A Certified CMMC Professional (CCP)?

A certified CMMC Professional (CCP) wants to learn about the Cybersecurity Model Maturity Certification Model (CMMC) to safeguard Federal Contract Information (FCI) and Controlled Unclassified Information (CUI). A student may become a Certified CMMC Professional by meeting the necessary prerequisites, taking the SteelToad CMMC CCP training course, and CCP passing the exam.

By 2026, the Department of Defense (DoD) is expected to require all Defense Industrial Base contractors to manage FCI and CUI to achieve some level of CMMC certification, depending on the sensitivity of the information they manage. A CMMC Certified Professional is an essential member of the CMMC Ecosystem and may serve in a variety of roles related to the CMMC Model.

A CCP may assist organizations in a consulting role by helping to:

• Identify gaps in CMMC compliance
• Assist in closing gaps and bringing alignment for processes in the model
• Evaluate internal compliance
• Prepare an organization for a CMMC assessment
• Help OCS identify the objective evidence and the individuals for the scope of the assessment
• Help the organization to understand the CMMC
• Help the organization determine the Maturity Level required

A CCP may be a member of a CMMC Assessment team with a Lead Assessor leading the team. CCP acts in a supportive role by

• Providing support in planning and preparing for the assessment.
• Providing support during the assessment.
• Providing support in the reporting of the recommended assessment results.

The CCP certification for a professional serves as a prerequisite to taking the CMMC Certified Assessor Training Course to become a CMMC Lead Appraiser.

How Do I Become A CMMC Professional (CCP)?

SteelToad is a CMMC Licensed Training Provider (LTP) and is certified to provide CMMC Certified Professional Training courses. Registering for a CMMC CCP training course is the first step to becoming certified as a CMMC Professional. SteelToad offers training in both public and private courses throughout the year, and students may enroll and purchase the public course. There are a few “set-up steps” listed below and required by The Cyber AB, before students may take SteelToad’s CMMC CCP training course. If you have any questions concerning the process, please contact Erica Hanson, Erica.Hanson@SteelToad.com to provide clarification for you.

The time to obtain a CMMC CCP certification is based on a student’s availability to complete the steps required to obtain a CCP certification. Prior to enrolling in the training course, the following tasks must be completed:

1. Students will need to complete the CMMC Certified Professional Application.
2. Students will need to pay $200, online, to obtain a CMMC Professional Number (CPN)
3. Students will read, review, and sign the Code of Professional Conduct (CoPC)
4. Students will read, review, and sign the Individual Service Agreement (what is this)
5. Students will take the SteelToad CMMC CCP training course. The SteelToad CMMC CCP course is 40 hours of instruction delivered in five days (from 9:00 am EST to 5:00 pm EST).
6. SteelToad will send the student’s roster information to CAICO once the CCP course is completed.
7. Students pay $275.00 for the CCP exam.
8. The CMMC CCP exam must be taken at a proctored testing center. This can be planned based on the student’s availability and timetable.

CCP APPLICATION PROGRESSION CHECKLIST

1. The application has been submitted
2. The payment has been received
3. You have signed the Code of Professional Conduct with DocuSign
4. You have signed the Agreement with DocuSign
5. The required Training with a Licensed Training Provider (LTP) has been completed
6. The exam fee payment has been received
7. You have passed the Exam

How Long Does It Take To Get A CMMC CCP Certification?

How Long Does The CMMC CCP Certification Last?

CMMC Professionals must renew their certifications every year, paying the CCP renewal fee of $250.

CMMC CCP Course Objectives

Students in the SteelToad CMMC CCP training course will learn the CMMC Model from instructors who are also CMMC assessors. This course will teach students the following objectives:

• Students will learn how to identify cybersecurity threats to the Defense Industrial Supply Chain.
• Students will learn about the rules and regulations that must be followed to manage risk in the Defense Industrial Supply Chain.
• Students will learn how to determine what is considered sensitive information within the Defense Industrial Supply Chain and how to secure and manage it.
• Students will learn how the CMMC Model ensures compliance with FARS and DFARS.
• Students will understand what the ethical and professional responsibilities are for a Certified CMMC Professional.
• Students will learn how to establish the certification and assessment scope for the OSC.
• Students will learn how to conduct a readiness plan and review to prepare the OSC for an assessment.
• Students learn how to assess the Evidence for the CMMC model practices by using the CMMC Assessment Guides.
• Students will learn how to evaluate and implement practices in CMMC 2.0 Maturity Level 1.
• Students learn how to identify and apply the practices in CMMC 2.0 Maturity Level 2.
• Students learn what it means to be a CCP and work through a CMMC 2.0 assessment process.

Students earn the title of “Certified CMMC Professional” (CCP) after passing the CMMC CCP test with a score of 80% or above.