BAI – Risk Management Framework I CMMC Publications

DEFENSE FEDERAL ACQUISITION REGULATIONS (DFARS)

Defense Federal Acquisition Regulation (DFARS) Case 2019-D041: Assessing Contractor Implementation of Cybersecurity Requirements

252.204-7012 Safeguarding Covered Defense Information and Cyber Incident Reporting

DFARS Provision 252.204-7019: Notice of NIST SP 800-171 DoD Assessment Requirements

252.204-7020 NIST SP 800-171 DoD Assessment Requirements

252.204-7021 Cybersecurity Maturity Model Certification Requirements

NIST SPECIAL PUBLICATIONS

NIST SP 800-171 Rev. 2: Protecting CUI in Nonfederal Systems

NIST SP 800-172: Enhanced Security Requirements for Protecting Controlled Unclassified Information (A Supplement to NIST Special Publication 800-171)

NIST SP 800-171A: Assessing Security Requirements for Controlled Unclassified Information

NIST SP 800-172A: Assessing Enhanced Security Requirements for Controlled Unclassified Information

CMMC MODEL OVERVIEW

CMMC Model Overview

CMMC 2.0 Spreadsheet and Mapping (xlsx)

CMMC SCOPING GUIDANCE

CMMC Level 1 Scoping Guidance
CMMC Level 2 Scoping Guidance
CMMC Level 3 Scoping Guidance is still in development.

CMMC ASSESSMENT GUIDES

CMMC Level 1 Self-Assessment Guide
CMMC Level 2 Assessment Guide
CMMC Level 3 Assessment Guide is still in development.