Guidelines: Defining rules & the setting direction of travel
There are several references documents which are important in understanding the CMMC programme and its application to the protection of FCI and CUI data.
Undersecretary of Defence for Acquisition and Sustainment (OUSD A&S)
CMMC 1.0 Level 1 assessment guide
CMMC 1.0 Level 3 assessment guide
Defence Contract Management Agency (DCMA) & NIST
NIST SP 800 – 171r2
DoD Assessment Methodology (DAM) – NIST (SP) 800 – 171A
Defence Acquisition Regulation – DFARS Interim Final Ruling
DFARS Case D041
Interim Final Ruling
DFARS Case 2019-D041
Regulatory Impact Assessment
Defence Acquisition Regulation
FAR 48 CFR 52.204 – 21
DFARS 48 CFR 252.204 – 7012
National Institute for Science and Technology (NIST)
NIST SP 800 – 171 r2
National Archives
CUI Policy and Guidance
CUI Implementation Regulation
Assessing CUI in non Federal Systems
This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Cookie settingsACCEPT
Privacy & Cookies Policy
Privacy Overview
This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. You have the option to opt-out of cookies.
The design of this site aims to minimise the use of cookies, using only those which are absolutely essential for the website to function properly. This category only includes cookies that ensures the basic functionalities and security features of the website.