Security Systems Administration for Defense Contracts

$199.00

A focused course, tailored for you

The practitioner course for security admins who manage NIST, CMMC, and FedRAMP controls across classified and commercial environments.

The gap between what your security systems actually enforce and what your compliance documentation claims they enforce is the single most common finding in CMMC Level 2 assessments. For a Security Systems Administrator at a defense contractor, that gap lives in the firewall rule sets you inherited, the access control policies written for a smaller environment, and the audit log configurations that were last reviewed during a previous contract period.

$199 one-time
Tailored to your situation. Access within 24 hours. 30-day money-back.

Includes a hand-built implementation playbook delivered alongside course access, generated for your specific situation.

Why this course

Security Systems Administrators at defense contractors carry an unusual dual burden: keeping systems operational while maintaining the precise documentation trail that auditors and program security officers require. The NIST 800-171 control families map cleanly to what you configure every day, but the evidence that those configurations actually meet the control intent is rarely captured at the moment the change happens. A firewall rule gets added for a project, the engineer documents it in Jira, and three contracts later the CMMC assessor asks for the system security plan reference and the access control policy that authorizes that rule. The trail is there if you reconstruct it. But reconstruction is not evidence. This course is about building the administrative infrastructure so the evidence is created at the same time the configuration is made.

What you walk away with

  • Build a control evidence trail that creates documentation at the moment of configuration change, not during assessment preparation.
  • Map your existing firewall rule sets, access control configurations, and audit log policies directly to NIST 800-171 control families.
  • Produce a CMMC Level 2 system security plan section from your actual technical baseline, not a templated narrative.
  • Close audit findings by creating forward-looking configuration standards that prevent recurrence rather than patching individual gaps.
  • Align your change control process with the evidence artefacts assessors want to see for each access control and audit logging control.
  • Build a repeatable configuration review cycle that keeps your compliance record current between assessment periods.

The 12 modules

Module 1. What CMMC Level 2 Actually Asks of a Security Systems Admin
This module maps the 110 NIST 800-171 practices to the specific technical configurations a security systems admin owns versus what program security or IT governance owns. You will produce a responsibility matrix that clarifies which controls live in your firewall, endpoint management, and IAM tooling, and which require evidence from other teams. This artefact drives every subsequent module and becomes a section of your system security plan.
Module 2. Firewall Rule Set Audit and NIST 800-171 Mapping
Systematic process for auditing an inherited firewall rule set against the access control and configuration management families in NIST 800-171. Covers how to document the authorization basis for each rule, how to flag rules with no traceable authorization, and how to produce an access control configuration summary that satisfies AC.1.001 through AC.2.006 without rewriting your entire policy. Includes a rule audit template formatted for CMMC evidence packages.
Module 3. Identity and Access Management Controls That Pass Level 2 Assessment
Covers the specific IAM configurations that CMMC Level 2 assessors test directly: multi-factor authentication scope, privileged account controls, account termination procedures, and remote access authorization. For each control you will build the configuration evidence artefact alongside the policy reference. The module addresses common gaps where the technical control exists but the documentation connecting it to the 800-171 practice identifier is missing.
Module 4. Audit Log Configuration and Retention Evidence
Defense contracts require audit logs that cover specific event categories under AU.2.041 through AU.3.045. This module walks through configuring audit log scope on Windows and Linux endpoints, network devices, and cloud workloads, then shows you how to document your log retention policy in a format that satisfies both the CMMC practice requirements and the SIEM query an assessor will run during a technical examination. Includes a log coverage matrix template.
Module 5. Change Control That Creates Compliance Evidence Automatically
The most common CMMC finding for technical administrators is a configuration that works as intended but has no authorization trail. This module redesigns your change control workflow so that each approved change generates the configuration management evidence artefact required by CM.2.061 through CM.3.068 as a byproduct of the approval process. Works with ServiceNow, Jira, or a manual approval chain. Produces a change management procedure document formatted for your SSP.
Module 6. System Security Plan Sections You Own as the Technical Admin
Most system security plans are written by policy teams and then sent to technical admins for a factual review that never happens. This module reverses that: you write the technical baseline sections directly from your configurations, covering network architecture, boundary protection, and the access control implementation narrative. The output is a draft SSP section that describes what your systems actually do, which is the only SSP section that passes a technical examination.
Module 7. CMMC POA&M: Closing Findings Without Creating New Ones
A Plan of Action and Milestones that lists findings without credible remediation dates and responsible owners creates more risk than it resolves. This module covers how to structure a POA&M entry for a technical finding so that the milestone is achievable, the responsible party is the person who controls the configuration, and the closure evidence is defined before you start remediation. Includes a POA&M template for technical control findings that has passed Level 2 assessment review.
Module 8. Incident Response Configuration Evidence for CMMC
IR.2.092 through IR.2.093 require that your incident response capability is documented and tested. For a security systems admin this means your SIEM alerting rules, your escalation playbook, and your contact chain for program security are all documented in a way that an assessor can verify. This module walks through building the IR configuration evidence package from your actual alert rules and escalation procedures, not from a template that does not match your environment.
Module 9. FedRAMP Inherited Controls and What Your Agency Contract Requires
If your contract involves a cloud service provider with a FedRAMP authorization, you inherit a set of controls from that provider and remain responsible for a customer responsibility matrix. This module covers how to read a FedRAMP customer responsibility summary, identify which controls you implement versus inherit, and document your implementation in a way that satisfies both the FedRAMP boundary and any additional NIST 800-171 requirements from the contract. Addresses common gaps in hybrid environments.
Module 10. Endpoint Hardening Baselines and Configuration Documentation
CM.2.064 requires a baseline configuration for all system components. For a security systems admin this means your endpoint hardening standard, your deviation approval process, and your configuration scanning schedule are all documented and current. This module walks through building a hardening baseline document from your existing CIS benchmark implementation or DISA STIG compliance posture, and shows you how to document approved deviations so they do not become audit findings.
Module 11. Continuous Monitoring That Feeds Your Assessment Artefacts
A continuous monitoring program that produces weekly vulnerability scan reports is only useful for CMMC if the reports are correlated to control families and tracked against your POA&M. This module covers how to configure your vulnerability scanning output, your configuration assessment schedule, and your review cycle so that the artefacts produced between assessments are the same artefacts your assessor will ask for. Produces a continuous monitoring plan formatted for SSP inclusion.
Module 12. Assessment Readiness: The 30-Day Technical Review Cycle
The final module is a structured 30-day technical review process that a security systems admin runs before a CMMC Level 2 assessment. It covers which configurations to verify, which documentation to pull and cross-check against actual settings, which POA&M items need a status update, and how to brief your program security officer on technical findings before the assessor arrives. The output is a pre-assessment checklist mapped to the 110 practices with owner and status for each item.

How this addresses your situation

Specific modules that map to what you said you are dealing with.

  • Inherited a firewall rule set with no authorization trail and an assessment coming up
  • POA&M has open findings from the last assessment with no credible closure dates
  • SSP was written by a policy team and does not match what the systems actually do
  • FedRAMP cloud workloads and CMMC on-premises systems with no clear boundary documentation

What you get with this course

  • 12 written modules covering the full CMMC Level 2 technical control evidence lifecycle
  • Firewall rule audit template formatted for CMMC evidence packages
  • Audit log coverage matrix template
  • Change management procedure document template for SSP inclusion
  • POA&M template for technical control findings
  • Pre-assessment checklist mapped to all 110 NIST 800-171 practices
  • Access via the Art of Service learning environment
  • Hand-built implementation playbook tailored to your environment delivered alongside course access

What you will have in hand by Day 1, Week 1, Month 1

Within 24 hours your account in the learning environment is provisioned and the tailored implementation playbook is delivered alongside it.

Before and after

Before

Your compliance documentation describes what your systems are supposed to do. Your systems do something slightly different. You know where the gaps are but the evidence chain to close them does not exist yet.

After

Your firewall rules, IAM configurations, and audit log policies are each documented with the control authorization trail an assessor needs. Your SSP reflects what your systems actually enforce. Your POA&M has credible closure artefacts for every open finding.

What happens if you do not address this

A CMMC Level 2 assessment with undocumented technical controls does not fail quietly. It fails with a finding list that requires remediation evidence before the certificate issues. For a defense contractor, that delays contract awards and triggers program security involvement at the worst possible time.

Who it is for

Security Systems Administrators who manage infrastructure for US government contracts, including DoD programs subject to CMMC, civilian agency contracts subject to FedRAMP, or hybrid environments with both classified and commercial workloads. Typically responsible for firewall policy, endpoint controls, identity and access management, and audit logging, with responsibility for control evidence that feeds into system security plans and assessment artefacts.

Who this is NOT for. Pure policy writers who do not touch technical configurations. Security managers who delegate all hands-on administration. Organizations not subject to CMMC, FedRAMP, or NIST 800-171.

How it arrives

Text-based course in the Art of Service learning environment, plus downloadable templates and worked examples for every module, plus the hand-built implementation playbook delivered alongside course access.

Time investment. 12 modules at roughly 45-60 minutes each. Most administrators complete the course over two weeks, applying each module's artefacts to their own environment as they go.

Why $199 is the right number

CMMC preparation consultants typically charge $15,000-$40,000 for a gap assessment and remediation support. This course gives you the frameworks, templates, and implementation methodology to do that work yourself, with the playbook built to your specific environment for $199.

FAQ

Does this course cover CMMC Level 3 or just Level 2?
The course focuses on Level 2, which covers 110 practices from NIST 800-171. Level 3 adds 24 practices from NIST 800-172 and is only relevant for programs with enhanced protection requirements. Most defense contractors are assessed at Level 2.
Is the implementation playbook a generic template or does it reflect my environment?
The playbook is hand-built by Gerard based on your role, your contract type, and the specific control gaps most common in your environment type. It is not a generic document. It is built after you enroll.
Does this work for hybrid environments with both on-premises and cloud workloads?
Yes. Module 9 specifically covers FedRAMP inherited controls and customer responsibility matrices for cloud workloads. The course addresses boundary documentation for hybrid environments throughout.

30-day money-back guarantee. If after a week of working through the materials this is not what you needed, reply to the receipt email and a full refund is processed. No questions, no forms.
