Frameworks
CMMC
The Cybersecurity Maturity Model Certification (CMMC) is the third-party attestation requirement for measuring adherence to DFARS 252.204-7012. CMMC is identified in DFARS 252.204-7021, in Title 32 Part 2002 of the CFR, and Title 48 of the DFARS. Now in version 2.0, CMMC is a program of record due to be implemented gradually beginning in 2025
Coming Soon
NIST SP 800-171
Title 48 of the Code of Federal Regulations, Chapter 2 Defense Acquisition Regulations System (also referred to as the Defense Acquisition Regulation Supplement or DFARS) outlines requirements for solicitations and provisions for Federal Contractors. The 204.7304 Solicitation provision and contract clauses includes cyber requirements for Controlled Unclassified Information (CUI). It is within these provisions that requirements for cybersecurity are identified.
Learn More about where requirements come from
Learn More about Implementing NIST controls and frameworks
NIST SP 800-53
The NIST Special Publication 800-53 is the source document from which all DoD security controls are derived.
Learn More about Implementing NIST controls and frameworks
NIST SP 800-161
Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations
Learn More about Implementing NIST controls and frameworks
Zero Trust Architecture
Learn More about Implementing NIST controls and frameworks
NIST A.I. RMF
Learn More about Implementing NIST controls and frameworks
Criminal Justice Information Services (CJIS) Security Policy
Coming Soon
International Standards - CPCSC
The Canadian Program for Cyber Security Certification (CPCSC) is a national cyber standard focused on implementing a cybersecurity baseline similar or identical to the United States DFARS 252.204-7012, CMMC, NIST SP 800-171, and/or NIST SP 800-172. This standard expected to go into effect in winter of 2025.