DFARS Cybersecurity Virtual Classroom

How to comply with the CMMC / NIST 800-171 Requirements

Many DoD contractors, suppliers, and vendors who process Controlled Unclassified Information (CUI) have no idea how to comply with the CMMC / NIST 800-171 cybersecurity requirements as listed in the DFARS 252.204-7012 clause.  Even when contractors understand the requirement, they are often resource strapped and cannot dedicate enough time to develop a compliant cybersecurity program. 

Totem aims to rectify this situation with a series of short, online, hands-on virtual classes to show DoD contractors how to comply with the CMMC / NIST 800-171 requirement and build a compliant program with limited resources.  

Cybersecurity Webinars for DoD Contractors

Our virtual DFARS classes are led by Totem’s team of seasoned cybersecurity experts, who themselves work for a small business prime DoD contractor. Presentation topics are outlined in the schedule section below and are intended to set the attendee off on the right foot to develop an Information Technology System Security Plan (SSP) commensurate with current DFARS 7012 requirements (NIST 800-171 controls) and future CMMC practice requirements.  Attendees will also learn how to comply with the incident response and reporting requirements for DoD contractors.  Workshop cohort size will be limited to no more than 10 companies to maximize individual Q&A time with our expert instructors.

Tuition for the nine (9) 1.5 hour classes, the additional extensive 1.5 hour Q&A session, e-workbook, and 30 days of the Totem Cybersecurity Compliance Management Software is $500.

Next Cohort Starts April 6

Classes are held Monday, Wednesday, Friday for three consecutive weeks.
The fourth Monday will be an optional Q&A session for any additional questions.






Overview of Requirements   

Overview of DFARS/CMMC cybersecurity compliance

1 hr presentation

½ hr Q&A


Scoping your plan  

System Inventory basics

System Description workbook introduction

1 hr presentation

½ hr Q&A


Initial Assessment  

The DoD 800-171 Assessment Methodology

½ hr presentation

1 hr Q&A


Building an SSP (Part 1)  

System Security Plan (SSP) requirements

Introduction to Cybersecurity Program Planning

1 hr presentation

½ hr Q&A


Building an SSP (Part 2)  

Principles of quality cybersecurity policies

Addressing the FAR 17

½ hr presentation

1 hr Q&A


Reporting Incidents  

Procuring an ECA certificate to report CUI-related incidents to the DoD.

½ hr presentation

1 hr Q&A


Incident Response Planning (Part 1)  

Incident Response Plan Basics

½ hr presentation

1 hr Q&A


Incident Response Planning (Part 2) 

Exercising your Incident Response Plan

1 hr presentation

½ hr Q&A


Closing the gaps

Developing and executing a Plan of Actions and Milestones  (POA&M)

½ hr presentation

1 hr Q&A


Wrap up

Answer lingering questions

1.5 hr Q&A

By participating in all of these virtual classes, the attendee will:

Understand the requirements for a DoD contractor cybersecurity program

Understand how the DoD intends to assess and certify cybersecurity programs for compliance

Begin building a System Security Plan (SSP) as a set of “blueprints” for their organization’s cybersecurity program

Begin developing a compliant and efficient cyber Incident Response capability within their organization

Understand how to develop and execute corrective action plans to fix gaps between current state of cybersecurity plan implementation and that outlined in the SSP