AICPA logo
AICPA logo
  • Home
Introduction to the Cybersecurity Maturity Model Certification (CMMC) Framework

Introduction to the Cybersecurity Maturity Model Certification (CMMC) Framework

This webcast is an overview of the Cybersecurity Maturity Model Certification (CMMC) framework, created by the US Department of Defense (DoD) to measure cybersecurity maturity of Defense Industrial Base (DIB) contractors. Attend this webcast as a first step in learning about CMMC and gain a thorough understanding of core elements that make up the framework.

Do you have an AICPA membership? Log in to apply your member discount.



NASBA Field of Study

Information Technology



CPE Credits



Troy Fine, Matt Gilbert


3 months

Product Number


 Part of Webcast Pass
 Business & partner 
Product Details

Malicious cyber actors have targeted, and continue to target the Defense Industrial Base (DIB) sector and supply chain of the Department of Defense (DoD).

The aggregate loss of intellectual property and certain unclassified information from the DoD supply chain can undermine U.S. technological advantages and innovation, and significantly increase risk to national security.

The CMMC model was created by DoD stakeholders to provide a cybersecurity maturity framework based on processes and practices aligned to the type and sensitivity of information required to be protected.

By 2026, all DIB contractors will be required to be CMMC certified by a Certified Third-Party Assessment Organization (C3PAO). This webcast will provide an overview of the CMMC model and its critical components. Participants will learn about how the CMMC model impacts DIB contractors and how contractors can start preparing.

Key Topics

  • CMMC Framework
  • CMMC Processes and Practices
  • DFARS Interim Rule
  • NIST 800-171
  • CMMC Ecosystem

Learning Outcomes

  • Identify the key components of the CMMC framework.
  • Distinguish between the different stakeholders and types of organizations that make up the CMMC ecosystem (C3PAO, CA, CP, RPO, RP, etc.).
  • Recognize the differences and similarities between NIST 800-171 and the CMMC framework.
  • Identify the key DFARS clauses that pertain to the DIB sector.

Who Will Benefit

  • Internal auditors that work for companies included in the DIB sector.
  • Professionals interested in learning about how CPA firms can assist the DIB sector in complying with CMMC requirements.
More Details
NASBA Field of Study
Information Technology
This is a digital product. With full paid access the content will be available to you for 3 months after purchase date.
1 hr and 15 mins
Do you have an AICPA membership? Log in to apply your member discount.

Group ordering for your team

2 to 5 registrants

Save time with our group order form. We’ll send a consolidated invoice to keep your learning expenses organized.

Start order

6+ registrants

We can help with group discounts. Call us at 1-800-634-6780 (option 1) or email us at

Contact us
Troy Fine
Troy joined Schneider Downs in 2011. Troy is a Senior Manager in Schneider Downs’s IT Risk Advisory practice and, as a CMMC Provisional Assessor, leads Schneider Downs’ CMMC practice unit. Schneider Downs is a C3PAO and currently provides CMMC consulting services to DIB contractors looking for assistance in preparing for CMMC certification assessments. Troy’s area of expertise includes cybersecurity assessments (NIST Cybersecurity Framework and SOC for Cybersecurity), NIST 800-171, SOC 1 examinations, SOC 2 examinations, SOC 2 + examinations, Sarbanes-Oxley Section 404 compliance, HITRUST assessments, HIPAA assessments, ISO 27001 assessments and third-party risk management assessments. He has experience in a variety of industries including banking, cloud computing and software-as-a-service (SaaS), higher education, financial services, healthcare, manufacturing, and not-for-profit sectors.
Matt Gilbert
Matt is a principal in Baker Tilly's risk advisory practice and CMMC Provisional Assessor. Matt joined Baker Tilly in 2020 and previously worked in PwC’s risk assurance practice for 18 years. Matt leads Baker Tilly’s Cybersecurity Maturity Model Certification (CMMC) and Government Contractor IT Risk suite of services. Baker Tilly is a C3PAO candidate and has been helping numerous contractors get ready for CMMC. He has led IT audits and cybersecurity assessments for large primes down to smaller 8A contractors. Matt’s expertise includes internal auditing, SOX compliance, information technology controls, business process controls, and ERP risk and controls. Examples of these engagements include CMMC Readiness assessments, 800-171 implementation projects, 800-53 based reviews, IT Risk assessments, Sarbanes-Oxley compliance, internal audit, pre- and post-implementation assessments, and privacy assessments for clients.

The Association is dedicated to removing barriers to the accountancy profession and ensuring that all accountancy professionals and other members of the public with an interest in the profession or joining the profession, including those with disabilities, have access to the profession and the Association's website, educational materials, products, and services.The Association is committed to making professional learning accessible to all product users. This commitment is maintained in accordance with applicable law. For additional information, please refer to the Association's Website Accessibility Policy. As part of this commitment, this product is closed-captioned. For additional accommodation requests please contact and indicate the product that you are interested in (title, etc.) and the requested accommodation(s): Audio/Visual/Other. A member of our team will be in contact with you promptly to make sure we meet your needs appropriately.

Ratings and reviews

Cancellation Policy
View our Cancellation policy here
Introduction to the Cybersecurity Maturity Model Certification (CMMC) Framework
This product is not available at the moment.

Related content