¶ CMMC Lab Families
Hands-on labs aligned to CMMC Level 1 control families
¶ Overview
The CRC Cyber Lab curriculum is organized by CMMC Level 1 control families. Each family contains 12 scenario-driven labs where students identify and remediate real security misconfigurations in a live Active Directory environment.
Labs are:
- Scenario-driven — based on a fictional company (ACS Consulting)
- Step-by-step — guided instructions with real-world workflows
- GUI-first — students use the same tools as enterprise analysts
- Ansible-verified — automated PASS/FAIL validation per objective
¶ Access Control (AC) — 12 Labs
Status: 
Live
Aligned to CMMC AC.L1-3.1.1 through AC.L1-3.1.22
| Module | Focus | Labs |
|---|---|---|
| M1: Account Management | Terminated users, unauthorized group access, privilege escalation | 3 |
| M2: Joiners, Movers, Leavers | New hire provisioning, role changes, offboarding | 3 |
| M3: Least Privilege | Group membership cleanup, delegation, separation of duties | 3 |
| M4: Audit & Accountability | Shared accounts, audit logging, group nesting | 3 |
Tools Used: Active Directory Users and Computers (ADUC)
All AC labs execute on the domain controller using ADUC exclusively — ideal for students new to Active Directory administration.
¶ Identification & Authentication (IA) — 12 Labs
Status: Live
Aligned to CMMC IA.L1-3.5.1 and IA.L1-3.5.2
| Module | Focus | Labs |
|---|---|---|
| M1: User Identification | Shared accounts, zombie accounts, generic accounts | 3 |
| M2: Non-Person Entity ID | Service accounts, rogue devices, account matrices | 3 |
| M3: Authentication Management | Password policies, credential resets, forced password changes | 3 |
| M4: Defaults & Process Auth | Default credentials, SNMP strings, hardcoded passwords | 3 |
Tools Used: ADUC, PowerShell, Task Scheduler, File Explorer
IA labs expand beyond ADUC into PowerShell, Task Scheduler, and file-based evidence — building on skills from the AC labs.
¶ Audit & Accountability (AU) — 12 Labs
Status: 
Coming Soon
Aligned to CMMC AU.L2-3.3.x controls
Labs will cover:
- Audit policy configuration and enforcement
- Log collection and review
- Event log analysis and correlation
- Accountability tracking and evidence preservation
¶ System & Communications Protection (SC) — 12 Labs
Status: Coming Soon
Aligned to CMMC SC.L1-3.13.x controls
Labs will cover:
- Network boundary protection
- Communication encryption enforcement
- Session management and timeout policies
- System interconnection security
¶ System & Information Integrity (SI) — 12 Labs
Status: Coming Soon
Aligned to CMMC SI.L1-3.14.x controls
Labs will cover:
- Malware protection and detection
- Security alert monitoring
- System flaw remediation
- Information integrity verification
¶ Configuration Management (CM) — 12 Labs
Status: Coming Soon
Aligned to CMMC CM.L2-3.4.x controls
Labs will cover:
- Baseline configuration management
- Configuration change control
- Least functionality enforcement
- Software usage restrictions
¶ Curriculum Roadmap
| Control Family | Labs | Status | Target |
|---|---|---|---|
| Access Control (AC) | 12 | Live |
Complete |
| Identification & Authentication (IA) | 12 | Live |
Complete |
| Audit & Accountability (AU) | 12 | Coming Soon |
Q3 2026 |
| System & Comms Protection (SC) | 12 | Coming Soon |
Q4 2026 |
| System & Info Integrity (SI) | 12 | Coming Soon |
Q1 2027 |
| Configuration Management (CM) | 12 | Coming Soon |
Q1 2027 |
| Total | 72 |
¶ How Labs Work
¶ 1. Seed
An instructor launches a seed job in AWX. Ansible playbooks configure each student pod with intentional security misconfigurations. Each lab starts in a known FAIL state.
¶ 2. Operate
Students connect via Guacamole (browser-based RDP) and work through the lab scenario using real enterprise tools. Each lab takes 15–30 minutes.
¶ 3. Verify
The instructor runs a verify job. Ansible checks whether the student correctly remediated every issue. Results are reported as PASS/FAIL per check.
¶ 4. Reset
Labs can be reset back to their seed state at any time for retries or the next class.
¶ Quick Links
| Resource | Link |
|---|---|
| CyberLab Overview | High-level platform overview |
| Architecture Overview | Full infrastructure and capabilities |
| AWX Automation | Seed, verify, and reset workflows |
| AWX Lab Seeding Guide | Step-by-step instructor guide |
TCecure CRC CyberLab — Building cybersecurity skills through hands-on practice