CMMC & DFARS Compliance
Final Public Draft (FPD) of the third version of 800-171, a foundational CMMC document.
The pending version of objectives for assessing 171 implementation.
The most current version of 800-171, a foundational CMMC document.
The former version of 171A, a foundational CMMC document that includes assessment objectives as well as controls.
Defense Federal Acquisition Regulation Supplement (DFARS) 7012, a document that underlies 800-171 and CMMC.
Department of Defense (DoD) search tool for CMMC lexicon and acronyms.
NIST's search tool for evolving cyber language.
Hub for CMMC docs owned by the DoD, including Scoping Guidance, Model Overview, Glossary, and more.
DoDAM for conducting assessments and self-assessments against 800-171 requirements.
A complete list of CUI categories helpful in determining if a document, process, or contract includes Controlled Unclassified Information (CUI).
Guidance for determining scope in businesses that process, handle, or store CUI.
Guidance in the preparation for and execution of a Level 2 Self-Assessment or Level 2 Certification Assessment under the Cybersecurity Maturity Model Certification (CMMC).
CMMC 2.11 Draft Model Overview
Helps orgs track their progress towards compliance by assessment objective.
Cyber FAQ with reference to DFARS 7012, NIST 800-171, and Basic Safeguarding of Contractor Information Systems.
DFARS FAQ with many nuggets of wisdom.
DIB SCC CMMC 101.
FREE LINKS FOR DIB CYBERSECURITY
Protective Domain Name System Services, Attack Surface Management, and Threat Intelligence Collaboration
Examples of methods for tracking hardware, software, and sensitive information in an organization.
Information and links to helpful publicly available cybersecurity resources for the DIB.
SPRS Scoring Sheet, Separation of Duties Matrix, CUI ID Guide, etc.
WinZip Enterprise Government and Regulated edition, in which the features are turned off, leaving only basic zipping and unzipping available by default.
Developed in 2022 with public safety officials who have first-hand experience with cyberattacks, this doc provides expectations and recommendations on how to proceed after a cyber incident.
Tools for stakeholders to conduct planning exercises on a wide range of threat scenarios.
Updated on a rolling basis, this link maintains resources, training opportunities, webinars, etc.
A standardized template of questions to communicate ICT supply chain risk posture in a consistent way among public and private organizations of all sizes.
Tools by COOEY, for COOEY.
DIB information security tools.
An interview-based assessment to evaluate an organization’s operational resilience and cybersecurity practices.
For small businesses.
FREE TRAININGS
After reviewing these training products, additional training is available on this webpage to expand your knowledge and skills.
Everything you need to get PCI DSS certified.
Everything you need to get an SOC 2 report.
MOOCs are a self-paced and free online option, allowing you to be part of a virtual global network of faculty, peers, and industry experts.
Free G-Suite Training.
Free, individual, and team cloud skills development options.
Video series on penetration testing, including: Network Penetration Testing, Cloud Based Penetration Testing, Web Application and API Penetration Testing.
Workshop that contains a collection of security learnings, principles, and recommendations for modernizing security in your organization.
Videos related to ISO 27001 series of frameworks, including: ISO 27001 (ISMS), ISO 27701 (PIMS), ISO 27017 (Cloud Security), ISO 27018 (Cloud Privacy), ISO 9001 (QMS), ISO 22301 (BCMS).
Learn Governance, Risk, and Compliance Analyst skills, and the theory behind how those skills support a business, with this course.
Free classes on a variety of topics, from MITRE ATT&CK to purple teaming to cloud security.
Free resources and workshops.