Highground Cyber

Highground Academy

Your All-Access Course for Implementing CMMC

Join a Cohort
100+ Videos
Monthly Office Hours with the Highground Team
Access to a Community of Peer Organizations Seeking Compliance
Outcome-Driven Learning Paths

Get Real Answers On The Assessment Process

View the preliminary content before making a commitment. Cut through the chatter and complexity on CMMC and get the important questions answered with topics like:
?
What Level of CMMC Applies to Me? (I, II, III)?
?
Valid & Invalid Business Cases for CMMC Compliance
?
What this Course Accomplishes, and Why It Matters
?
Assembling Your Team & The Skills Required
?
Key Decision-Points You Will Face (And Who Makes Them)
?
All-in or Enclave? Which is Best?
Estimated Completion Time: 2 Hours

Real Guidance

Get a taste of the compliance outcomes and knowledge your cohort will achieve as you progress through this academy
01

The Contract Scavenger Hunt

Conquer Your Contract Requirements

Completion Time: 2 Weeks

Assignments: 3 Guided Exercises

Description

Get the crash course on the CMMC legal jargon and understand the common trigger points and business relationships that cause your requirements. Get let in on some of the common "gotchas" used for enforcement actions - and elevate your ability to proactively navigate and negotiate the consequences of your contract requirements in the future.

Completion Criteria

You finish this course with a completed inventory of your current contracts and their explicit and implicit CMMC requirements on your organization

I
Federal Contract Vehicles
I
Systems Security vs Information Security
I
Requirement Flowdowns when Sub-Contracting
I
Identifying Federal Contract Information
I
Litigation and Penalties for Non-Compliance
I
Jargon: FCA, 32 CFR, DFARS, SPRS
I
Your Options for Pushing Back on Requirements
02

The Data Scavenger Hunt

Uncover all Aspects of Your Organization Handling CUI

Completion Time: 8 Weeks

Assignments: 2 Guided Exercises

Description

Understand all things CUI is and how it gets defined, and immediately apply this newfound knowledge to the operations in your organization which produce outcomes for contracts with CMMC requirements. Overcome many of the myths and misconceptions about CUI and FCI that derail assessments and cause legal problems for organizations who get it wrong.

Completion Criteria

You will finish this course with documentation on all operational processes for contracted work including their CUI inputs and outputs

II
Identifying Controlled Unclassified Information (CUI)
II
Mapping Your Workflows Like an Assessor
II
Recognizing CUI Processing, Storage and Transmission
II
Key Concept: Physical vs Digital CUI Practices
II
CUI Training and Creating Internal Roles and Responsabilities
03

The Company MRI Scan

Discover the Current Scope of Your CUI Security Domain

Completion Time: 4 Weeks

Assignments: 2 Guided Exercises

Description

Learn to create comprehensive views of systems, tools, people and facilities in a navigable fashion that correctly establishes who and what has been "stained" by CUI. Clearly see your current CUI boundaries in a culmination of the lessons and work product of previous modules.

Completion Criteria

You will finish this course with a comprehensive map of your systems, people, and facilities that have both intended and unintended CUI responsibilities - thereby placing them within scope of a CMMC certification assessment. This is the prerequisite to declaring your CUI Security Domain scope and managing it toward an ideal and intentional end state that is ready for assessment.

III
Creating Your Asset Inventories
III
Assessment and Certification Boundaries
III
CUI Assets
III
Security Protection Assets
III
Specialized Assets
III
Out-of-Scope Assets
III
Risk Managed Assets
Plus Many More Courses