CMMC 2.0

The release of CMMC 2.0 from the Department of Defense hasn’t changed what Edwards has to offer our CCP Exam Prep Course participants. The CMMC-AB has directed all LTPs to deliver CCP courses without modification, and will provide a free CMMC 2.0 “delta training” for all students before the exam becomes publicly available.

Anticipated improvements will address the new model – but our CCP courses are in full swing and delivering EVERY BIT OF VALUE you would expect from Edwards Performance Solutions!

JOY BELAND, CISM, SSAP, CMMC-AB Provisional Assessor, Provisional Instructor, is the CMMC Program Manager for Edwards Performance Solutions, delivering live training for all areas of CMMC, as well as an active participant of the Commercial Cybersecurity Assessment Team. Before joining Edwards, Joy served the MSP community as a cybersecurity education instructor, educating 3,000+ on cybersecurity fundamentals from 2019-2020. In addition to her facilitation experience, Joy owned a successful MSP in Los Angeles for 21 years.

BRIAN HUBBARD, CISM, CMMC-AB Provisional Assessor, Provisional Instructor, brings 35+ years of cybersecurity program management experience to his role as Director of Commercial and Cybersecurity business at Edwards Performance Solutions. Brian leads Edwards’ CMMC initiatives, supporting organizations in their preparation for CMMC assessments, as a CMMC-AB Registered Professional (RP). Prior to joining Edwards, Brian led the contractor team supporting NIST in the development of the "Framework for Improving Critical Infrastructure Cybersecurity" (i.e., the NIST Cybersecurity Framework) in response to Executive Order 13636.

JACOB HORNE, CISSP, CDPSE, CMMC-AB Provisional Assessor, Provisional Instructor*, is the Chief Security Evangelist for Summit 7 Systems where he specializes in helping customers, partners, and the broader defense industrial base understand how security and process can improve business operations. As a former NSA intelligence analyst and U.S. Navy cryptologic technician, Jacob has over 14 years of experience in offensive and defensive cybersecurity operations. As a civilian he has led cybersecurity compliance and engineering teams at AT&T, Northrop Grumman, and the NIST Manufacturing Extension Partnership (MEP).

AMIRA ARMOND, CISSP, CISA, CMMC-AB Provisional Assessor, Provisional Instructor, has 20 years’ experience in operating highly secure military networks with strong and repeatable processes. She is a founder of the C3PAO Stakeholder Forum, an industry group which focuses on standardizing assessment procedures and interpretations among C3PAOs. Amira has been an active voice in CMMC through her blog at cmmcaudit.org, a source of free resources and training for CMMC preparation. Amira is a CMMC Provisional Assessor, CMMC Provisional Instructor, Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), and Project Management Professional (PMP). Students will appreciate her deep understanding of CMMC practices and processes, scoping and boundaries, proving inheritance, and regulatory requirements for CUI.

SARA DEATON, CMMC-AB Provisional Assessor, Provisional Instructor, has 30 plus years experience in the commercial and defense industry. She was first introduced to cybersecurity when working as the sole mission assurance engineer on an FMS Weapon System development effort. Since then, Sara has been involved with cybersecurity activities. She has a BS degree in Applied Mathematics and a MS degree in Systems Engineering (Operations Research). Sara has extensive experience as an instructor. She owns and operates a small business called Atomic Wombat Inc, that focuses on CMMC, CMMI, Quality Assurance, and Process Improvement. Atomic Wombat is located in Huntsville, Alabama.

TONY BUENGER, CMMC-AB PA, PI | CCISO, CISSP, CISM, CGEIT has over 25 years of experience in information technology and cybersecurity. Tony was previously with Redspin and co-lead the effort to become the first Authorized CMMC 3rd Party Assessment Organization (C3PAO). Tony is now employed with SecureStrux, LLC as the Practice Lead for Risk and Compliance. Tony is an experienced instructor within the cybersecurity profession fulfilling roles such as full-time military faculty teaching master degree level information security courses at the National Defense University, adjunct instructor and co-developer of the master degree level cyber security program at Auburn University-Montgomery, and lead faculty chair for cyber security and networking at the University of Phoenix.

What is CMMC 2.0?

The Cybersecurity Maturity Model Certification (CMMC) is a unified standard for implementing cybersecurity across the defense industrial base. While the CMMC Standard was created for the Defense Supply Chain, there are many other government agencies and allies of the United States interested in using the CMMC Standard.

The standard is overseen by the CMMC Accreditation Body (CMMC-AB). The CMMC-AB establishes and oversees a qualified, trained, and high-fidelity community of consultants and assessors who can deliver consistent and informative assessments to participating organizations against a defined set of controls/best practices within the CMMC Program. The CMMC 2.0 Model itself is created and managed by both CMMC-AB and the DoD.

The CMMC will review and combine various cybersecurity standards and best practices and map these controls and processes across several maturity levels that range from basic cyber hygiene to advanced.

Edwards & the CMMC Ecosystem

Edwards plays a role in nearly every aspect of the Cybersecurity Maturity Model Certification (CMMC) ecosystem — training and education, consulting, assessments, and certification. Currently, Edwards supports Organizations Seeking Certification (OSC) as a Registered Provider Organization (RPO) and candidate Certified Third Party Assessment Organization (C3PAO), providing CMMC-AB approved assessments, consulting, and audit preparation through our proprietary Compliance Assessments. We are also Licensed Training Provider (LTP) and Licensed Partner Publisher (LPP), developing training and providing CMMC-AB certified classes to organizations and individuals planning to take CMMC-AB certification exams or utilize other LPP curriculum. Check out our CMMC FAQ page for more in-depth answers to all your CMMC questions!

CMMC will start to appear in upcoming statements of work once federal rule-making is complete (estimated 9-24 months; August 2022-November 2023), and it is critical to prepare for compliance now. High formal assessment demand means you must be prepared to pass the first time or risk being waitlisted – potentially foregoing large DoD contract opportunities. CMMC compliance will be a go-no-go decision gate at the time of the contract award.

Our team of cybersecurity experts brings more than a half century’s worth of deep understanding and experience in assessing and interpreting standards, guidelines, and best practices to improve cybersecurity programs.

CMMC QUICK FACTS

✅ CMMC draws from NIST standards, the DoD, and the international security community; CMMC 2.0 focuses entirely on NIST 800-171 security safeguards

✅ One size does not fit all – different levels of security are necessary, depending on the contract and sensitivity of the data involved

✅ CMMC 2.0 won’t appear in contracts until rulemaking is decided (estimated 9-24 months; August 2022-November 2023)

✅ CMMC includes the entire DoD industrial base – approximately 300,000 contractors and subcontractors

✅ CMMC-AB LPPs and LTPs are authorized to develop and train OSCs in various CMMC certification and informational courses

CMMC EDUCATION & CERTIFICATION

Working towards self-attestation or formal certification within the CMMC ecosystem can be a daunting task for any organization. This is where the need for various training and education can make a world of difference in understanding the CMMC Model, best practices, and the ability to apply concepts around protecting information. It is critical to have a solid comprehension of the legal and regulatory guidance as it pertains to the Department of Defense’s (DoD) Cybersecurity posture.

As a CMMC-AB Licensed Partner Publisher (LPP) and Licensed Training Provider (LTP), Edwards produces quality training materials for other LTPs or Organizations Seeking Certification (OSC).

The CMMC-AB Approved Training Materials (CATM) are developed by internal and external CMMC cybersecurity rockstars who bring a dynamic blend of real-world NIST assessment and consulting experience. Our highly sought-after CMMC courses and boot camps are taught by our team of world-class Provisional Instructors – the industry’s most respected CMMC experts. It is no surprise that the quality and professionalism of our curricula set the bar in the CMMC training ecosystem, as our courses are created using Edwards’ instructional systems design approach based on industry standards – and have been for 23+ years.

Our online courses and accompanying course materials are updated continuously to provide the most accurate and recent CMMC information, but if certification boot camps are not a right fit for you we offer SME-led CMMC peer groups and ongoing study groups. We aim to provide flexible learning at the click of a button – delivering an accessible way to enhance and develop CMMC expertise. We also offer customized training and discounts for multiple seat purchases; inquire to learn more!

VIEW CURRENT COURSES >

CMMC-AB COURSES ARE IN FULL SWING!!

Your CMMC certification journey begins with a solid foundation. Our CMMC-AB approved 5-day CCP course provides a comprehensive look at the CMMC 2.0 standard and prepares participants to perform as effective CMMC assessors, implementers, and consultants. With our team of world-class Provisional Instructors with decades of experience, participants can expect a well-rounded view of CMMC.

To add even more value, we offer a free weekly study group for all CCP participants who complete the Edwards course, continuing until the CCP exam is available. Enroll in a session today!

CMMC CONSULTING & ASSESSMENTS

To continue work with the government, organizations will be required to either self-attest to 800-171 safeguards at Level 1/Level2, or must be certified at CMMC Maturity Level 2 or Level 3 depending on contract requirements, but most aren’t sure where to start. The CMMC-AB created the RPO certification to provide OSCs confidence in their consultant selection for both quality and knowledge of CMMC concepts to get the job done. C3PAOs are the only organizations authorized to conduct official CMMC assessments against security practices of Maturity Level 1 or Level 2 designated by the CMMC-AB. If your government contract requires Level 3, a C3PAO will be required to assess and recommend a Level 2 award prior to a DIBCAC Level 3 assessment.

As an RPO and C3PAO, Edwards is equipped to provide advisory CMMC Level 1 or Level 2 consulting services and support, as well as pre-certification assessments to establish a CMMC plan of action. OSCs should work with an RPO or candidate C3PAO to prepare for either certification; however, you cannot engage with the same C3PAO for both pre-assessment consulting services and the actual CMMC assessment. All verified RPOs and candidate C3PAOs are listed on the CMMC-AB Marketplace. Our goal is to advise DoD suppliers on how to best prepare for a successful CMMC assessment and enforce the maturity levels designed by the CMMC-AB.

Our team of cybersecurity experts brings more than a half century’s worth of understanding and experience in assessing and interpreting standards, guidelines, and best practices to improve cybersecurity programs. Edwards has actively conducted NIST 800-171 assessments since 2015, and as an organization was an early entrant into the CMMC ecosystem. Edwards is here to assist you on your CMMC journey!

CMMC ASSESSMENTS

To continue work with the government, companies must be certified at an appropriate level of maturity against the CMMC, but many companies need help determining where to start.

Our approach is designed to be affordable and provide you with exactly what you need to do in preparation for a CMMC audit. At this time, Edwards offers a NIST 800-171 Assessment, mapped to the CMMC model, with varying levels of consulting support. Edwards continues to increase our offerings as the DoD provides more CMMC compliance information. Contact us at Info@EdwPS.com for more information.

CMMC Quick Look Assessment Website Graphic

CMMC TIMELINE

MEET THE TEAM

Our Cybersecurity Team brings more than ten decades of combined cybersecurity experience in assessing and interpreting NIST, CIS, HIPAA and ISO 27001 standards and guidelines. Our expert management and implementation of security programs throughout the government, commercial, and healthcare industries is well respected and far reaching. Meet our team to see why!

Brian Hubbard

Director, Commercial and Cybersecurity

CISM ⚬ PMP ⚬ PA ⚬ PI

Brian Hubbard brings 35+ years of cybersecurity program management experience to his role within Edwards Performance Solutions. Brian leads all Commercial business and cybersecurity engagements, including CMMC initiatives, supporting organizations in their CMMC knowledge and preparation. Prior to Edwards, Brian led the contractor team supporting NIST in the development of the “Framework for Improving Critical Infrastructure Cybersecurity” (i.e., the NIST Cybersecurity Framework) in response to Executive Order 13636.

Sam Bell

CMMC Assessment Program Manager

PMP ⚬ SSCP ⚬ RP

Sam Bell leverages 36+ years of IT and project management experience in managing data warehouse, call center, reporting, and security infrastructure and assessments projects. His focus on process improvement ensures a consistent, repeatable, and measurable approach is taken to deliver value and a secure operating environment for clients. At Edwards, Sam oversees the Cybersecurity Assessments practice, leading NIST 800-53, HIPAA, NIST CSF, and CMMC readiness assessments for firms of all sizes, across diverse industries.

Joy Beland

CMMC Training Program Manager

CISM ⚬ SSAP ⚬ PA ⚬ PI

Joy Beland joined Edwards in 2020. Joy founded and managed a successful security-focused MSP practice for 21 years, then pivoted to serve the MSP community as a cybersecurity instructor. After educating 3,000+ Engineers and Development Reps on cybersecurity fundamentals, Joy joined forces with Edwards and is now responsible for managing and delivering all aspects of CMMC-AB approved certification training. She is also an active participant of the Commercial Cybersecurity Assessment Team.

Marcellus Williams

Sr. Penetration Tester

CEH Master ⚬ Security+ ⚬ CCNA ⚬ CISSP

Marcellus Williams joined Edwards Performance Solutions in 2020 and works concurrently as a Network Analyst in the United States Army Reserves. In addition to 10+ years of penetration testing experience, he holds a Bachelor’s Degree in Computer Science and a Master’s Degree in Computer Information Assurance. Prior to Edwards, he worked at the DoD where he was tasked to emulate Nation State hackers and Advanced Persistent Threats (APTs).

Matt Hoeper

Sr. Cybersecurity Consultant

PMP ⚬ CISSP

Matt Hoeper is an experienced cybersecurity professional with 25+ years of IT experience. Matt holds a Master’s degree in Management Information Systems as well as PMP and CISSP certifications. Prior to joining Edwards, he worked for Fortune 500 companies and small businesses in areas of engineering, financial, marketing, supply chain, manufacturing, and health care. Over his career, Matt has conducted security assessments against multiple standards.

Joe Stoner

Cybersecurity Consultant

CEH ⚬ CySA+

Joe Stoner is an IT and cybersecurity professional at Edwards with 6+ years of experience, focusing on computer administration and network/system security. Since joining Edwards in 2014, Joe has conducted security risk assessments for clients, using multiple standards and frameworks (i.e., NIST 800-53, 800-171, CSF, and ISO 27001), provided cybersecurity services to mature client security postures, and developed/implemented procedures to meet security goals.

Tyler Gormus

Cybersecurity Consultant

CEH ⚬ PA*

Tyler Gormus joined the Edwards Cybersecurity Team in 2018. He provides experience in conducting security risk assessments for clients in using multiple standards and frameworks (i.e., NIST 800-53, 800-171, CSF, and ISO 27001), interviewing appropriate stakeholders, and implements an easy to use/costeffective approach for customers working toward compliance. Tyler also holds a Bachelor’s degree in Secure Computing and Information Assurance.

Want More?

Check out our other solutions – Enterprise Management, IT Solutions, Training & Development, and Cybersecurity.

INTERESTED IN MORE CMMC RESOURCES?

Learn to meet cybersecurity business goals and organizational priorities, while connecting with the best in the business.

LEARN MORE ›

LET’S TALK!

We are ready to take on your unique challenges to help you achieve success.

Start the conversation today!