Helpful Links
Tools
CMMC Model
CMMC Accreditation Body
Regulations and DoD Instructions
DoD NIST SP 800-171 Assessment Methodology
Used by DoD contractors when performing Basic self-assessments, and to calculate resulting scores, required under DFARS 252.204-7019
Supplier Performance Risk Management System (SPRS)
System used to report self-assessment scores to the US DoD.
Controlled Unclassified Information (CUI)
NARA CUI Registry
The National Archives and Records Administration administers the US Government’s CUI Program




Mandatory CUI Training
Free CUI training offered by DoD. Mandatory for all DoD and contractor staff who handle CUI.
National Institute of Standards and Technology (NIST) Special Publications and Standards




NIST SP 800-171
Requirements that must be met by all contractors creating, storing, processing, or securing CUI.
NIST SP 800-171A
Assessment methodology defined by NIST and adopted by NARA for all systems containing CUI.
NIST SP 800-172
Enhanced security requirements for protecting CUI. Used for securing especially sensitive CUI.
NIST SP 800-53
Security and Privacy Controls for Information Systems and Organizations. Used by the Federal Government to Securure their systems.