CMMC Accreditation Body
Regulations and DoD Instructions
Basic Safeguarding of Covered Contractor Information Systems
Compliance with Safeguarding Covered Defense Information Controls
Safeguarding Covered Defense Information and Cyber Incident Reporting
Notice of NIST SP 800-171 DoD Assessment Requirements
NIST SP 800-171 DoD Assessment Requirements
DoD NIST SP 800-171 Assessment Methodology
Used by DoD contractors when performing Basic self-assessments, and to calculate resulting scores, required under DFARS 252.204-7019
Supplier Performance Risk Management System (SPRS)
System used to report self-assessment scores to the US DoD.
Cybersecurity Maturity Model Certification Requirements
Controlled Unclassified Information (CUI)
Executive Order 13556
Creates the Controlled Unclassified Information Program
NARA CUI Registry
The National Archives and Records Administration administers the US Government’s CUI Program
DoD Instruction 5200.48 establishes the DoDs CUI program
DoD CUI Registry
The DoD CUI Registry applies NARAs CUI registry within the context of the DoD
Mandatory CUI Training
Free CUI training offered by DoD. Mandatory for all DoD and contractor staff who handle CUI.
National Institute of Standards and Technology (NIST) Special Publications and Standards
NIST SP 800-171
Requirements that must be met by all contractors creating, storing, processing, or securing CUI.
NIST SP 800-171A
Assessment methodology defined by NIST and adopted by NARA for all systems containing CUI.
NIST SP 800-172
Enhanced security requirements for protecting CUI. Used for securing especially sensitive CUI.
NIST SP 800-53
Security and Privacy Controls for Information Systems and Organizations. Used by the Federal Government to Securure their systems.