CMMC Accreditation Body
Regulations and DoD Instructions
Basic Safeguarding of Covered Contractor Information Systems
Compliance with Safeguarding Covered Defense Information Controls
Safeguarding Covered Defense Information and Cyber Incident Reporting
Notice of NIST SP 800-171 DoD Assessment Requirements
NIST SP 800-171 DoD Assessment Requirements
Used by DoD contractors when performing Basic self-assessments, and to calculate resulting scores, required under DFARS 252.204-7019
System used to report self-assessment scores to the US DoD.
Cybersecurity Maturity Model Certification Requirements
Controlled Unclassified Information (CUI)
Creates the Controlled Unclassified Information Program
The National Archives and Records Administration administers the US Government’s CUI Program
DoD Instruction 5200.48 establishes the DoDs CUI program
The DoD CUI Registry applies NARAs CUI registry within the context of the DoD
Free CUI training offered by DoD. Mandatory for all DoD and contractor staff who handle CUI.
National Institute of Standards and Technology (NIST) Special Publications and Standards
Requirements that must be met by all contractors creating, storing, processing, or securing CUI.
Assessment methodology defined by NIST and adopted by NARA for all systems containing CUI.
Enhanced security requirements for protecting CUI. Used for securing especially sensitive CUI.
Security and Privacy Controls for Information Systems and Organizations. Used by the Federal Government to Securure their systems.