2024 CMMC Rule

Oct 15

Internal Resources:

CMMC Program Information: CMMC Program Information

External Resources:

CMMC Defense Federal Acquisition Regulation Supplement (DFARS) Proposed Rule: CMMC DFARS Proposed Rule

DFARS Clause 252.204-7012: Safeguarding Covered Defense Information and Cyber Incident Reporting
DFARS Provision 252.204-7019: Notice of NIST SP 800-171 DoD Assessment Requirements
DFARS Clause 252.204-7020: NIST SP 800-171 DoD Assessment Requirements
DFARS Clause 252.204-7021: TBD
NIST SP 800-171 Rev. 2: Protecting CUI in Nonfederal Systems
NIST SP 800-171A: Assessing Security Requirements for Controlled Unclassified Information
NIST SP 800-172: Enhanced Security Requirements for Protecting Controlled Unclassified Information
NIST SP 800-172A: Assessing Enhanced Security Requirements for Controlled Unclassified Information
DoD CUI Program Website: DoD CUI Program
Supplier Performance Risk System (SPRS): SPRS
CMMC Accreditation Body Website: CMMC Accreditation Body
DODI 5200.48 – Controlled Unclassified Information: DODI 5200.48
DODI 5000.90 – Cybersecurity for Acquisition Decision Authorities and Program Managers: DODI 5000.90
Executive Order on Improving the Nation’s Cybersecurity (May 12, 2021): Executive Order

Additional Resources:

NIST SP 800-53: Security and Privacy Controls for Information Systems and Organizations

NIST Cybersecurity Framework (CSF): NIST Cybersecurity Framework
Cybersecurity & Infrastructure Security Agency (CISA) Resources: CISA Resources
Federal Risk and Authorization Management Program (FedRAMP): FedRAMP
National Defense Industrial Association (NDIA): NDIA Cybersecurity
Defense Acquisition University (DAU): DAU Cybersecurity Courses
CMMC Marketplace: CMMC Marketplace
Cybersecurity and Privacy Reference Tool (CPRT): CPRT

Matthew Hubbard

FedRAMP Memo M-24-15: Modernizing FedRAMP