
Course · 14 lessons · 2h 27m
Mastering NIST SP 800-171 Control Families for CMMC Level 2
Implement the core NIST SP 800-171 control families, from access control and audit to configuration, media, physical, and system integrity, to satisfy CMMC Level 2.
By the end, you'll be able to
- Eliminating the Line: Rethinking Basic and Derived Security Requirements in NIST SP 800-171 Revision 3
- Supporting Documentation and Procedures for Access Control Compliance
- When Is MFA Really Required? Navigating CMMC, NIST, and Kerberos in Practice
- Mastering NIST SP 800-171 Audit and Accountability (AU) Controls
Curriculum
14 lessons
- 01. Eliminating the Line: Rethinking Basic and Derived Security Requirements in NIST SP 800-171 Revision 3 (11 min). This episode unpacks the elimination of the basic and derived security requirement distinction in NIST SP 800-171 revision 3, the assessment methodologies surrounding them, and the practical effects on DoD contractors, especially primes managing supplier risk. Our hosts dive into how the structure of NIST SP 800-171 assessments has evolved, the rationale for the new approach, and what subcontractors and primes alike can expect under the updated rules.
- 02. Supporting Documentation and Procedures for Access Control Compliance. This episode explores the essential supporting documents and general procedures needed for the Access Control Family under CMMC. Learn which records are vital, how to structure compliant procedures, and practical tips for streamlined documentation. Hear real-world insights and specific examples from seasoned practitioners and compliance experts.
- 03. When Is MFA Really Required? Navigating CMMC, NIST, and Kerberos in Practice (14 min). Eric, Paul, and Roz break down one of the most debated aspects of CMMC 2.0 compliance: when exactly multifactor authentication must be enforced for users and administrators. The team references NIST SP 800-171, SP 800-53, and practical deployment scenarios, exploring the nuanced requirements around MFA, Kerberos, and different types of system access. Real-world examples and lessons learned bring much-needed clarity to a common challenge in identification and authentication.
- 04. Mastering NIST SP 800-171 Audit and Accountability (AU) Controls (13 min). Explore the Audit and Accountability (AU) domain of NIST SP 800-171 with actionable strategies for compliance in defense contracting. Dive into the essentials of system audit logs, open-source accountability tools, and best practices for working with MSSPs. Learn how to create a robust monitoring program to detect and respond to unauthorized activity while meeting regulatory demands.
- 05. Configuration Management Essentials for NIST SP 800-171 (14 min). Dive deep into the fundamentals of configuration management for NIST SP 800-171 compliance. This episode covers why a Configuration Management Plan matters, explores policy requirements, and examines baseline examples for applications, firmware, hardware, and operating systems.
- 06. Mastering the Maintenance "MA" Family for CMMC Level 2 (10 min). Join Eric, Paul, and Roz as they break down the CMMC Level 2 Maintenance (MA) family: what each control requires, implementation strategies, and special considerations when working with Managed Service Providers. Discover how MA controls intersect with other CMMC families, and how third-party maintenance impacts your compliance journey.
- 07. Mastering Media Security for CMMC Success (12 min). Explore key strategies for protecting Controlled Unclassified Information across physical and digital media. Learn practical approaches to handling, marking, encryption, and auditing that ensure compliance and safeguard your organization.
- 08. Lockdown Success: Physical Security in CMMC (15 min). Dive into essential physical security controls within CMMC 2.0, from access management to safeguarding support infrastructure. Learn real-world lessons from defense contractors who strengthened facility security and avoided common pitfalls.
- 09. Securing Access: Unlocking Personnel Screening (12 min). Explore the critical personnel security requirements within NIST SP 800-171 and CMMC 2.0 Level 2 standards. Learn practical processes for screening, onboarding, and access approvals, and uncover the nuances between standard employment screening and federal background investigations to safeguard Controlled Unclassified Information.
- 10. Training and Awareness Essentials for NIST SP 800-171 Controls (12 min). Explore how awareness and training align with NIST SP 800-171 security controls. We break down each control, connect them to specific CDSE course catalog options, and discuss assessment objectives crucial for defense contractors and cybersecurity teams.
- 11. The Power of Acceptable Use Policies for CMMC Level 2 (10 min). Explore how an Acceptable Use Policy (AUP) underpins compliance for CMMC Level 2. We'll break down key NIST SP 800-171 requirements that users need to understand, and discuss how communicating policy expectations empowers organizations to enforce controls and drive accountability.
- 12. CMMC SC Controls: Protecting Boundaries and Data in Transit (15 min). This episode breaks down CMMC System and Communications Protection controls, from defining boundaries and separating public-facing systems to enforcing deny-by-default network rules and stopping split tunneling. It also covers secure design, role separation, shared resource protections, and how to safeguard CUI while it moves across networks.
- 13. CMMC 3.14: System Integrity, Malware Defense, and Monitoring (11 min). Paul and Roz break down the System and Information Integrity controls in CMMC 3.14.1 through 3.14.7, focusing on flaw remediation, malicious code protection, alert monitoring, scanning, and detecting unauthorized use with assessor-ready evidence. They also connect the requirements to NIST guidance and Appendix D, showing how SI-2, SI-3, and SI-4 map to real-world policies, tools, tickets, and logs.
- 14. System Security Plan Templates Demystified. Explore the essentials of the NIST SP 800-171 System Security Plan (SSP), the key requirements from NIST SP 800-53r5, and recommended sections to create a plan that's truly fit for your organization. We'll break down what must be included, what can be added for clarity, and how to make your SSP a practical tool for security and compliance.
Your instructor
Cybersecurity Maturity Model Certification (CMMC) Unlocked