Guidelines: Defining rules & the setting direction of travel

There are several references documents which are important in understanding the CMMC programme and its application to the protection of FCI and CUI data. 

Undersecretary of Defence for Acquisition and Sustainment (OUSD A&S)

Office of the Under Secretary of Defence and Acquisition Sustainment

 

CMMC Level 1 assessment guide
CMMC Level 3 assessment guide

Defence Contract Management Agency (DCMA)
Defence Acquisition Regulation

 

DoD Assessment Methodology (DAM) – NIST (SP) 800 – 171A
DCMA DoD Assessment Methodology
Defence Acquisition Regulation – DFARS Interim Final Ruling
Defence Acquisition Regulation

 

DFARS Case D041
Interim Final Ruling
DFARS Case 2019-D041
Regulatory Impact Assessment

Office of the Undersecretary of Defence for Acquisition and Sustainment (OUSD A&S)

Office of the Under Secretary of Defence and Acquisition Sustainment

 

CMMC Model Briefing

CMMC Model V1.02

CMMC Model Appendices

Defence Acquisition Regulation
Defence Acquisition Regulation

 

FAR 48 CFR 52.204 – 21

 

DFARS 48 CFR 252.204 – 7012

National Institute for Science and Technology (NIST)

National Institute of Standards and Technology (NIST)

NIST 800 – 171 r2

National Archives

US National Archives for Controlled Unclassified Information (CUI)

CUI Policy and Guidance
CUI Implementation Regulation
Assessing CUI in non Federal Systems
Chartered Security Professional (CSyP)Security Institute (MSyI)Worshipful Company of Security ProfessionalsAcademy of Experts