Helpful Links

Links and Tools to help you understand, prepare for, and maintain, your CMMC Certification

Tools

CMMC Model

CMMC Accreditation Body

Regulations and DoD Instructions

FAR 52.204-21

Basic Safeguarding of Covered Contractor Information Systems

DFARS 252.204-7008

Compliance with Safeguarding Covered Defense Information Controls

DFARS 252.204-7012

Safeguarding Covered Defense Information and Cyber Incident Reporting

DFARS 252.204-7019

Notice of NIST SP 800-171 DoD Assessment Requirements

DFARS 252.204-7020

NIST SP 800-171 DoD Assessment Requirements

DoD NIST SP 800-171 Assessment Methodology

Used by DoD contractors when performing Basic self-assessments, and to calculate resulting scores, required under DFARS 252.204-7019

Supplier Performance Risk Management System (SPRS)

System used to report self-assessment scores to the US DoD.

DFARS 252.204-7021

Cybersecurity Maturity Model Certification Requirements

Controlled Unclassified Information (CUI)

Executive Order 13556

Creates the Controlled Unclassified Information Program

NARA CUI Registry

The National Archives and Records Administration administers the US Government’s CUI Program

DoDI 5200.48

DoD Instruction 5200.48 establishes the DoDs CUI program

DoD CUI Registry
DoD CUI Registry

The DoD CUI Registry applies NARAs CUI registry within the context of the DoD

DoD Mandatory CUI Training

Mandatory CUI Training

Free CUI training offered by DoD. Mandatory for all DoD and contractor staff who handle CUI.

National Institute of Standards and Technology (NIST) Special Publications and Standards

NIST SP 800-171

Requirements that must be met by all contractors creating, storing, processing, or securing CUI.

NIST SP 800-171A

Assessment methodology defined by NIST and adopted by NARA for all systems containing CUI.

NIST SP 800-172

Enhanced security requirements for protecting CUI. Used for securing especially sensitive CUI.

NIST SP 800-53

Security and Privacy Controls for Information Systems and Organizations. Used by the Federal Government to Securure their systems.