CMMC course supports defense contractors and cyber pros
Emory’s new Cybersecurity CMMC course promises to boost local industry in its efforts to support the national defense agenda, while also empowering local cyber professionals to keep up with the latest government requirements.
The Cybersecurity Maturity Model Certification, CMMC, is a system of compliance levels that helps the government know whether an organization has the security in place necessary to work with controlled data. It’s required for those doing business with the U.S. Department of Defense.
“There are over 9,000 defense contractors in the state of Georgia,” said Jeffery Alejandro, senior manager of Emory Corporate Learning. “This course is part of our commitment to going even further with economic development, by helping to upskill the people who are doing this work.”
The DoD requires CMMC for anyone who sends electronic information or receives payment for services rendered. Under DoD guidelines, contractors need to have an audit proving that they're hosting a secure network in compliance with CMMC.
This doesn’t only apply to the big weapons and aircraft makers. “They are only a small percentage of the defense contractor base here,” Alejandro said. “This is food and beverage companies: Coca Cola is one of the largest defense contractors out there! It’s places like US Foodservice and Mayfield Dairy Farms. It’s anyone who has any contact with anything related to the U.S. military or defense.”
In the Atlanta area, “this industry is not just protecting our national security. It’s protecting the economy of the State of Georgia,” said Greg McVerry, chief learning office and curriculum developer for CyberDI, which developed the curriculum that Emory is using. “That means there will be tremendous local demand for CMMC assessors, as well as for those who can implement CMMC,” he said. “This course addresses both of those needs. Students can get certified to become implementors, and they can put themselves on the path to becoming CMMC assessors.”
CMMC builds upon National Institute of Stands (NIST) cyber strategies and includes controls from other cybersecurity frameworks. The wide-ranging course curriculum touches on a number of key topics including:
- Securing sensitive data — CMMC compliance requires the protection of both Federal Contract Information and Controlled Unclassified Information. Understanding how this data works helps ensure CMMC compliance.
- Cybersecurity ethics — Compliance with the emerging guidance will depend in part on an understanding of ethics and how they play out in the specific policies of CMMC, including malicious and accidental internal threats around Conflict of Interest.
- Knowing your scope — A Certified CMMC Professional will need to provide scoping guidance to Organizations Seeking Certification (OSC). This module will define three levels of scoping, to help cyber professionals understand data flow diagrams and how the movement of sensitive data will impact the bottom line.
“CMMC really raises the bar on what people may already be doing,” Alejandro said. “There’s a higher level of accountability, with regular reporting to DoD and frequent audits to ensure there are no new breaches in their systems.”
As one of the first in the nation and the only institution in Georgia to offer this training, Emory Continuing Education and Corporate Learning are pioneers in CMMC training. At the end of the five-week course students receive a certificate from Emory that allows them to sit for the CMMC certification exam, which Alejandro promises to give students a significant career boost. “Many organizations that in the past have not had dedicated cyber professionals on staff will now need CMMC certified practitioners,” he said. “This is a new certification that just went live in January, and I expect we’re going to see a significant increase in the number of positions that call for this.”
Emory’s offering is based on DoD’s CMMC 1.0 curriculum, and while the defense community is developing a 2.0 offering, McVerry said it makes sense to jump in now. “The present offering is more comprehensive than the proposed version," he said, meaning that those who take the Emory course will be well-positioned to pass an exam based on the 2.0 curriculum. Moreover, delay may be costly from a career perspective, while starting down the road to CMMC now will offer distinct advantages. “We don’t know when 2.0 is going to be approved,” he said, “and in the meantime, taking the course now will give cyber professionals a first-to-market advantage.”
Learn more about our Cybersecurity CMMC course.
Emory University Academic Innovation works with changemakers across the university to explore new ideas, to learn new skills and ways of working, and to harness the power of innovation and entrepreneurship.