Highground Academy

Your All-Access Course for Implementing CMMC

100+ Videos
Monthly Office Hours with the Highground Team
Access to a Community of Peer Organizations Seeking Compliance
Outcome-Driven Learning Paths

Get Real Answers On The Assessment Process

View the preliminary content before making a commitment. Cut through the chatter and complexity on CMMC and get the important questions answered with topics like:

What Level of CMMC Applies to Me? (I, II, III)?

Valid & Invalid Business Cases for CMMC Compliance

What this Course Accomplishes, and Why It Matters

Assembling Your Team & The Skills Required

Key Decision-Points You Will Face (And Who Makes Them)

All-in or Enclave? Which is Best?

Estimated Completion Time: 2 Hours

Request Access

Real Guidance

Get a taste of the compliance outcomes and knowledge your cohort will achieve as you progress through this academy

The Contract Scavenger Hunt

Conquer Your Contract Requirements

Completion Time: 2 Weeks

Assignments: 3 Guided Exercises

Description

Get the crash course on the CMMC legal jargon and understand the common trigger points and business relationships that cause your requirements. Get let in on some of the common "gotchas" used for enforcement actions - and elevate your ability to proactively navigate and negotiate the consequences of your contract requirements in the future.

Completion Criteria

You finish this course with a completed inventory of your current contracts and their explicit and implicit CMMC requirements on your organization

Federal Contract Vehicles

Systems Security vs Information Security

Requirement Flowdowns when Sub-Contracting

Identifying Federal Contract Information

Litigation and Penalties for Non-Compliance

Jargon: FCA, 32 CFR, DFARS, SPRS

Your Options for Pushing Back on Requirements

The Data Scavenger Hunt

Uncover all Aspects of Your Organization Handling CUI

Completion Time: 8 Weeks

Assignments: 2 Guided Exercises

Description

Understand all things CUI is and how it gets defined, and immediately apply this newfound knowledge to the operations in your organization which produce outcomes for contracts with CMMC requirements. Overcome many of the myths and misconceptions about CUI and FCI that derail assessments and cause legal problems for organizations who get it wrong.

Completion Criteria

You will finish this course with documentation on all operational processes for contracted work including their CUI inputs and outputs

Identifying Controlled Unclassified Information (CUI)

Mapping Your Workflows Like an Assessor

Recognizing CUI Processing, Storage and Transmission

Key Concept: Physical vs Digital CUI Practices

CUI Training and Creating Internal Roles and Responsabilities

The Company MRI Scan

Discover the Current Scope of Your CUI Security Domain

Completion Time: 4 Weeks

Assignments: 2 Guided Exercises

Description

Learn to create comprehensive views of systems, tools, people and facilities in a navigable fashion that correctly establishes who and what has been "stained" by CUI. Clearly see your current CUI boundaries in a culmination of the lessons and work product of previous modules.

Completion Criteria

You will finish this course with a comprehensive map of your systems, people, and facilities that have both intended and unintended CUI responsibilities - thereby placing them within scope of a CMMC certification assessment. This is the prerequisite to declaring your CUI Security Domain scope and managing it toward an ideal and intentional end state that is ready for assessment.

III

Creating Your Asset Inventories

III

Assessment and Certification Boundaries

III

CUI Assets

III

Security Protection Assets

III

Specialized Assets

III

Out-of-Scope Assets

III

Risk Managed Assets

Plus Many More Courses