
Understanding the Requirements of Cybersecurity Maturity Model Certification (CMMC) and ISO/IEC 27001:2013 for Information Security Management Systems


Seminar Content

This 1.5 day course provides participants with awareness and understanding of the requirements of the Cybersecurity Maturity Model Certification (CMMC) required by Government Contractors and illustrates important linkages to the controls and requirements from the information security management systems standard ISO/IEC 27001:2013. The intent of this training is to provide awareness and understanding of the information and asset security management system framework and maturity levels required to achieve the organization’s desired CMMC certification.

Who Should Attend

This seminar is designed for Information Security Assurance Managers, ISO/IEC 27001:2013 Implementation and/or Transition Team Members, Management Representatives, and all others who would like to develop competency with CMMC information security levels and certification.

Recommended Training and/or Experience

An understanding of the ISO/IEC 27001:2013 requirements, controls and/or work experience in applying ISO/IEC 27001:2013, as well as other ISO ISMS standards in the 27000 series is recommended.

An understanding of Risk Management for Information Security Management, as required for CMMC, is also important.

Seminar Materials

Each participant will receive a seminar companion manual and an electronic copy of the Information Security Assessment workbook which includes specific questions for applying requirements, controls, and maturity levels.

Seminar Goals

  • Understand the application of Information Security Assessment principles and the maturity of controls
  • Relate the Information Security Management system clauses of ISO/IEC 27001:2013 to the organization's information, assets, product designs, services, activities and operational processes
  • Relate the organization's context and the needs and expectations of interested parties to security risk assessment, planning and implementation of the organization's Information Security Management system

Management System Requirements of CMMC

A management system is required for CMMC compliance. In this seminar, the ISO/IEC 27001:2013 system is used for the presentation; however, it should be understood that CMMC compliance could be wrapped within another management system, such as the Quality Management System. The relevant parts of ISO 9001:2015, IATF 16949:2016 or AS9100D could be used as the management system tools for CMMC, rather than the similar approaches described in ISO/IEC 27001:2013.

Seminar Agenda

Day One

  • Fundamentals of Information Security Management Systems (ISMS)
    • Information Security
    • What is an Information Security Management System (ISMS)
    • The ISO/IEC 27000 Fundamentals and Vocabulary
    • The ISO/IEC 27001 ISMS Described
    • ISO/IEC 27001:2013 Requirements Descriptions
    • ISO/IEC 27001:2013 Clauses
    • Annex A
    • The Process Approach
    • Risk-based Thinking
    • ISMS Risks
    • ISMS Risk Assessment
    • ISMS Risk Treatment
    • ISO/IEC 27001 Clause 4 - Context of the Organization
    • Group Exercise 1: Context of the Organization
    • ISO/IEC 27001 Clause 5 - Leadership
    • ISO/IEC 27001 Clause 6 - Planning
    • Group Exercise 2: Assessing and Evaluating Risk
    • ISO/IEC 27001 Clause 7 - Support
    • ISO/IEC 27001 Clause 8 - Operation
    • ISO/IEC 27001 Clause 9 - Performance Evaluation
    • ISO/IEC 27001 Clause 10 - Improvement
    • ISO/IEC 27001 Annex A
    • Group Exercise 3: Annex A - Required Elements and Risk Treatments

Day Two

  • Cybersecurity Maturity Model Certification (CMMC)
    • Description
    • Assessment Criteria and Methodology
  • NIST 800-171 Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations
    • NIST 800-171A Assessing Security Requirements for Controlled Unclassified Info
    • NIST Handbook 162 NIST MEP Cybersecurity Self-Assessment Handbook for Assessing NIST SP 800-171 Security Requirements in Response to DFARS Cybersecurity Requirements
    • What it Consists of
    • Controls
    • How It Was Supposed to be Applied and How It Was Actually Applied
    • Compliance and How It Was Evaluated
  • How CMMC Applies the NIST 800-171 Controls
    • Certification
    • CMMC Level Control Methods (Level 1 - 5)
    • Group Exercise 4: CMMC Measurement and Analysis
    • Understanding ISMS and CMMC Final Exam
