Cybersecurity Maturity Model Certification (CMMC)

 


 

CMMC Certified Professional (CCP) 2.0 – A person who has successfully completed all certification program requirements outlined by the CAICO to become a Level 1 CMMC Assessor. A Provisional Assessor (PA) will become a CCP by passing the associated certification exam.

  • $1,999 - Exam Pass Guarantee: Take our class again for free if you do not pass the CCP exam on your first try
  • Live online training:
    • September 2 to October 6, 2024 - Mondays & Thursdays, 6 to 7:15 PM EST. 
    • November 25, 2024 to January 5, 2025 (no classes the week of Dec 23) Mondays & Thursdays, 12 to 1:15 PM EST. 
    • January 6 to February 9, 2025 - Mondays & Thursdays, 6 to 7:15 PM EST. 

What is CMMC?

From The Cyber AB, the official accreditation body of the Cybersecurity Maturity Model Certification (CMMC) Ecosystem: The Cybersecurity Maturity Model Certification (CMMC) is a major Department of Defense (DoD) program built to protect the defense industrial base (DIB) from increasingly frequent and complex cyber-attacks. It particularly aims to enhance the protection of controlled unclassified information (CUI) and federal contract information (FCI) shared within the DIB.

The Framework combines various cybersecurity standards and best practices intended to:

  • Safeguard sensitive information to enable and protect the warfighter
  • Dynamically enhance DIB cybersecurity to meet evolving threats
  • Ensure accountability while minimizing barriers to compliance with DoD requirements
  • Contribute towards instilling a collaborative culture of cybersecurity and cyber resilience
  • Maintain public trust through high professional and ethical standards

Course Structure

All course material is developed by SCSU faculty. SCSU OWLL is Authorized and Approved by The Cyber AB (formerly called CMMC-AB), the official accreditation body and non-governmental partner of the US Department of Defense. Approved for use by Licensed Training Providers (LTPs).

Course Schedule

Classes meet for 75 minutes twice a week over five weeks, totaling ten classes. You can choose between two convenient options:

Lunch Class: 12:00 PM
Evening Class: 6:00 PM

Instructor Office Hours

To support your learning, the instructor will hold office hours twice weekly for questions and additional collaboration.
 

Experts in the Field

SCSU OWLL, an approved Licensed Training Provider, should be your first choice to ensure compliance with this critical step in your company’s future.

SCSU is a top-tier higher education institution that offers a master of science degree in Cybersecurity and world-renowned staff and professors.

Our team members have a deep understanding of DoD cybersecurity development and requirements from decades of work in the CMMC Ecosystem.

Courses are designed by cybersecurity experts, instructional designers, and educational psychologists.

Examples of Approved CCP Course Material

In 2019, the Department of Defense announced the creation of the Cybersecurity Maturity Model Certification (CMMC) to replace the self-reporting of cyber hygiene used to govern the DIB. CMMC ends self-assessment and requires a third-party assessor to verify the cybersecurity maturation level.

The CMMC builds from NIST 800-171 but includes controls from other cybersecurity frameworks. CMMC differs in both the maturation model and the role of third-party assessors.

The CMMC defines 17 domains of cyber hygiene that are comprised of hundreds of objectives. In fact, you need to meet 705 objectives at CMMC Level Three. Many of these objectives, up to 70%, do not rely on or require a technical solution.

In this module, we will learn and explore the aspects and elements of CMMC and explain its overall importance to different stakeholders by asking:

  • What kind of sensitive data does CMMC seek to protect?

  • How did CMMC become federal policy?

  • What foundational documents and regulations spell out the requirements for CMMC?

On February 24th, 2021, President Biden signed an Executive Order to protect our supply chains. CMMC seeks to protect the global Defense supply chain by creating a baseline of cybersecurity.

This baseline began to unfold in the Federal Information Security Management Act (FISMA), passed in 2002. In this module, we will trace the history of CMMC, from the regulations to the players in the ecosystem, from FISMA to today.

Compliance with CMMC requires protecting two types of data: federal contract information and controlled unclassified information. Understanding how these data work helps ensure CMMC compliance.

This module will teach you the differences between data types and authorized holders' legal responsibilities. You will write sample policies and examine procedures to protect CUI.


Cybersecurity Maturity Model Certification will have massive impacts on businesses. Millions of dollars in contracting can vanish if a company fails an assessment. This makes ethics an utmost concern of the CMMC-AB.

In this module we will trace the roots of cybersecurity ethics. We will then review specific policies of the CMMC-AB and consider malicious and accidental internal threats around Conflict of Interest.

A Certified CMMC Professional will need to provide scoping guidance to Organizations Seeking Certification. Understanding data flow diagrams and how sensitive data traverses your people, processes, and technologies will impact the bottom line.

In this module, we will define three levels of scoping, then discuss elements of network diagramming and scoping using a segmented zone approach.

As a CCP, you will want to coach an Organization Seeking Certification on the CMMC Assessment Process. This involves four phases designed to assess an OSC over a period of six to eight weeks.

In this module, we will go through the four phases, identify key levers at each phase, and then build a fictional assessment team.

The Department of Defense (DoD)’s Cybersecurity Maturity Model Certification (CMMC) is the latest step in the DoD’s program to protect controlled unclassified information (CUI), the defense industrial base (DIB), and the DoD’s supply chain.

Controlling access to your network is an essential foundation for security. The domains in this chapter are all intended to help you control access to your networked environment. Controlling access is fundamental to ensuring CUI and other information is appropriately protected.

In this module we’ll examine:

  • Who has access to your network?

  • What systems can be accessed?

  • How is access to information controlled?

  • Where can you confirm that your control measures are effective?

Technology changes and evolves constantly; the specific security measures taken to protect any given technology must also evolve with it. However, one element in the security equation remains constant: the human element. As humans, we have the ability to make mistakes or do something unexpected.

A number of studies have shown that between 50% and 80% of all cybersecurity breaches are caused by human error. This number includes cases where a human was tricked into engaging with a malicious actor without realizing it. Training, awareness, and proper understanding of the risks associated with an activity are all important parts of protecting sensitive information.

In this module we’ll examine:

  • What is the difference between awareness and training?

  • What elements make up a good personnel security plan?

  • How can you apply the findings of security and risk assessments to building a solid security program?

Protecting data isn’t just preventing unauthorized access; it also requires making it available to the people and processes that need it. Indeed, two of the three elements of the CIA triad, Integrity and Availability, describe the timely usefulness of that data.

The domains discussed in this module are all focused on ensuring that the data you have is accessible and useful when it is needed.

In this module we’ll examine:

  • How do you plan for the unexpected, such as a natural disaster?

  • What are the best practices to ensure you can bring backup data online within your own time requirements?

  • What are your options for backing up and recovering stored data?

Into every life, a little rain must fall. In the cybersecurity world, it is a matter of when a breach will occur rather than if it will occur. Indeed, three of the five functions of the NIST Cybersecurity Framework deal with a breach already occurring: Detect, Respond, and Recover.

The domains discussed in this module prepare you to respond to an incident and quickly detect and quantify any events indicating an incident is in progress.

In this module we’ll examine:

  • What are the key elements of an incident response plan?

  • What systems and processes need to be in place before an incident occurs?

  • How do you maintain situational awareness to catch an incident as early as possible?

Registration

Enroll for the Certified CMMC Professional (CCP) certification training. Be compliant with the new regulations by learning from the experts.


 

For questions, email cmmc@southernct.edu or call (203) 392-7276.