ĐÓ°ÉĘÓƵ

The resources on this page include additional government resources regarding both Cybersecurity Maturity Model Certification (CMMC) and available cybersecurity resources.

Additional Resources

Regulations

  • Existing regulations
  • CMMC regulations
    • DFARS clause 252.204-7021 (pending revision)

Cyber Incident Reporting

  • Cyber incident reporting website (required by DFARS 252.204-7012)

Cybersecurity Requirements and Assessment Guides

CMMC Level 1

  • Requirements:
  • NIST Assessment Guide: *

CMMC Level 2

  • Requirements: *
  • NIST Assessment Guide: *
  •  (supplemental to NIST’s)

 CMMC Level 3

  • Requirements: defined in the CMMC rule (see the CMMC final rule under CMMC resources)
    •  (supplemental to NIST’s)

*National Institute of Standards and Technology (NIST) special publications for Rev. 2 have been “withdrawn” by NIST but, in accordance with , and until further notice, the NIST 800-171 Rev. 2 requirements will still be used by DoD for the purpose of CMMC until such time as the rule is revised to require NIST SP 800-171 Rev. 3.