CMMC
Omnex is a CMMC 2.0 Registered Practitioner Organization (RPO) by CYBER AB
Omnex is a Licensed Training Provider (LTP) and is authorized to provide CMMC programs
CMMC is established from NIST standards (NIST 800-171), the Department of Defense, and the greater security community
There are 3 different levels of security requirements with CMMC. What you need depends on your contract language and is based on the sensitivity of the data involved. CMMC does not only apply to DoD contractors; it also applies to their external service providers and any solution that processes, stores or transmits sensitive data as part of the contract.
CMMC will be required for the Defense Industrial Base (DIB) which includes an estimated 300,000 contractors and subcontractors
Once codified into law, every DoD contract will list the level of CMMC compliance required for that contract. All bidders will have to achieve that level and have proof of attestation or self-certification before they can be awarded the contract.
What is CMMC?
Cybersecurity, and the protection of sensitive information throughout the supply chain, is a top priority for the Department of Defense. The DoD’s response to this top priority is CMMC.
The Defense Industrial Base (DIB) is the target of continuous and increasingly complex cyberattacks. To protect this important information, the DoD developed CMMC 2.0 to increase DIB cybersecurity to meet continuously changing threats and safeguard the information that supports and enables our nation.
The Cybersecurity Maturity Model Certification (CMMC) program enhances cybersecurity protection standards for individuals and organizations in the DIB. It is designed to protect sensitive information that is shared by the Department with its contractors and subcontractors. The CMMC program incorporates a set of cybersecurity requirements that provides the Department increased assurance that contractors and subcontractors are meeting these strict requirements.
The framework has three key features:
- CMMC requires that organizations and individuals given national security information implement cybersecurity standards at progressively advanced levels, depending on the type and sensitivity of the information shared. The program also establishes the process for information flow down to subcontractors.
- CMMC assessment requirements allow the Department to verify the use and implementation of clear cybersecurity standards in participating organizations.
- Once CMMC is fully implemented, certain DoD contractors that handle Controlled Unclassified Information (CUI) will be required to achieve a particular CMMC level as a condition of contract award.
CMMC Level | CMMC Practice |
---|---|
Level 1 | Basic Cyber Hygiene (FCI) |
Level 2 | Intermediate Cyber Hygiene (CUI) |
Level 3 | Advanced Cyber Hygiene (Critical Systems) |
What is the purpose of CMMC?
The purpose of CMMC 2.0 is to safeguard sensitive national security information shared by the Department of Defense (DoD). This complex framework is required to protect the defense industrial base from increasingly frequent and complex cyberattacks. With its streamlined requirements, CMMC 2.0:
- Reduces difficulties for small and medium-sized businesses with a tiered approach
- Sets priorities for protecting the DoD’s most important information
- Strengthens cooperation between the DoD and industry in addressing evolving cyber threats
Who is CMMC for?
CMMC applies to anyone in the defense contract supply chain or anyone with a CMMC requirement in their contract. This includes contractors who engage directly with the Department of Defense and subcontractors contracting with organizations to fulfill and/or execute those contracts. If your organization currently works with the DoD, supplies an organization working with the DoD, or would like to do either of those soon, you need CMMC.
CMMC and Cybersecurity Training Available:
CMMC Training:
Cybersecurity Training:
- Understanding the Requirements of ISO/IEC 27001:2013 (IT Security)
- ISO/IEC 27001:2013 Internal Auditor Training (IT Security)
- ISO/IEC 27001:2013 Lead Auditor Training (IT Security)
- Understanding the Requirements of VDA ISA TISAX and ISO/IEC 27001:2013
- VDA ISA TISAX and ISO/IEC 27001:2013 Internal Auditor Training for Information Security Management Systems
- VDA ISA TISAX and ISO/IEC 27001:2013 Lead Auditor Training for Information Security Management Systems
- SAE J3061, ISO/SAE 21434, and Related Standards: Automotive Cybersecurity Executive Overview
- SAE J3061, ISO/SAE 21434, and Related Standards: Overview for Functional Safety Engineers & Managers
- SAE J3061 and ISO/SAE 21434 Automotive Cybersecurity Certification
- SAE J3061 and ISO/SAE 21434 Automotive Cybersecurity Auditing and Assessment Certification
- SAE J3061 and ISO/SAE 21434 Cybersecurity Threat Analysis and Risk Assessment (TARA)
- SAE J3061 and ISO/SAE 21434 Conducting a Cybersecurity FMEA and Vulnerability Analysis Testing for Systems, Hardware and Software
- SAE J3061 and ISO/SAE 21434 Cybersecurity Engineering Defense & Protection Against Attacks
- Preparing a Cybersecurity Case
- Introduction to Autonomous and Electric Vehicles: A Functional Safety, SOTIF, and Cybersecurity Perspective
- Introduction to Systems Engineering: A Safety and Cybersecurity Perspective
- Writing Effective Requirements, Test Cases, and H/S Interfaces for Cybersecurity
- WP.29, ISO/SAE 21434 and VDA CSMS – Auditing Automotive Cybersecurity Management Systems
- Information Security Awareness Training