The CMMC Program Final Rule (published 2024-10-15)
https://public-inspection.federalregister.gov/2024-22905.pdf
CMMC v2.13 Scoping Guides, Assessment Guides and other supplemental documents
https://dodcio.defense.gov/cmmc/Resources-Documentation/
Memo: FEDRAMP Equivalency for Cloud Service Providers
https://dodcio.defense.gov/Portals/0/Documents/Library/FEDRAMP-EquivalencyCloudServiceProviders.pdf
FAR 52.204-21 "Basic Safeguarding Rule"
https://www.acquisition.gov/far/52.204-21
DFARS 7012 Clause
https://www.acquisition.gov/dfars/252.204-7012-safeguarding-covered-defense-information-and-cyber-incident-reporting.
The Interim Rule
https://www.govinfo.gov/content/pkg/FR-2020-09-29/pdf/2020-21123.pdf
Supplier Performance Risk System (SPRS)
https://www.sprs.csd.disa.mil/
SPRS Quick Entry Guide for 800-171 self-assessments
https://www.sprs.csd.disa.mil/pdf/NISTSP800-171QuickEntryGuide.pdf
NIST SP 800-171 DoD Assessment Methodology, Version 1.2.1, June 24, 2020
https://www.acq.osd.mil/asda/dpc/cp/cyber/docs/safeguarding/NIST-SP-800-171-Assessment-Methodology-Version-1.2.1-6.24.2020.pdf
NIST SP 800-171A, Assessing Security Requirements for Controlled Unclassified Information
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171a.pdf
NIST SP 800-171 r2
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171r2.pdf
NIST SP 800-171 r3
https://csrc.nist.gov/pubs/sp/800/171/r3/final
NIST SP 800-171A r3, Assessing Security Requirements for Controlled Unclassified Information
https://csrc.nist.gov/pubs/sp/800/171/A/r3/final
CUI SSP Template from NIST
https://csrc.nist.gov/CSRC/media/Publications/sp/800-171/rev-2/final/documents/CUI-SSP-Template-final.docx
CUI POAM Template from NIST
https://csrc.nist.gov/CSRC/media/Publications/sp/800-171/rev-2/final/documents/CUI-Plan-of-Action-Template-final.docx
NIST SP 800-53 r5
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r5.pdf
CMMC Assessment Process (CAP) Pre-Decisional Draft v 1.0
https://cyberab.org/Portals/0/Documents/Process-Documents/CMMC-Assessment-Process-CAP-v1.0.pdf
Cyber AB Marketplace
https://cyberab.org/marketplace/
C3PAO Stakeholder Forum Position Papers
https://www.c3paoforum.org/position-papers/
National Archives CUI Registry
https://www.archives.gov/cui
NIST CSRC Cryptographic Module Validation Program CMVP
https://csrc.nist.gov/projects/cryptographic-module-validation-program/validated-modules
NIST CSRC Glossary of Terms & Definitions
https://csrc.nist.gov/glossary
SP 800-18 Guide for Developing Security Plans for Federal Information Systems
https://csrc.nist.gov/publications/detail/sp/800-18/rev-1/final
Microsoft's Shared Responsibility Model
https://docs.microsoft.com/en-us/azure/security/fundamentals/shared-responsibility/
Amazon Web Services Shared Responsibility Model
https://aws.amazon.com/compliance/shared-responsibility-model/
Google Cloud Platform's Shared Responsibility Model
https://cloud.google.com/architecture/framework/security/shared-responsibility-shared-fate
Free Training Resources
- DoD Mandatory Controlled Unclassified Information (CUI) Training
https://securityawareness.usalearning.gov/cui/index.html
- CISA Insider Threat training resources
https://www.cisa.gov/training-awareness
- CDSE's Insider Threat Program
https://www.cdse.edu/Training/Insider-Threat/
US CERT Alerts
https://us-cert.cisa.gov/ncas/alerts
SANS Newsletters
https://www.sans.org/newsletters/?msc=main-nav
InfraGard
https://www.infragard.org/
InfraGard Louisiana Member's Alliance
https://www.infragard-la.org/