Wooden Hut

List of Useful Links

CMMC

CMMC-AB Home  https://cyberab.org

CMMC-AB Town Hall Videos  https://cyberab.org/News-Events/Town-halls

DoD

DoD USD A&S CMMC Model  https://www.acq.osd.mil/cmmc/model.html

 

DoD USD A&S Assessments https://www.acq.osd.mil/cmmc/assessments.html

 

DoD USD A&S Assessment Guide  https://www.acq.osd.mil/cmmc/documentation.html

 

DFARS 254.202.7012  https://www.acquisition.gov/dfars/part-252-solicitation-provisions-and-contract-clauses#DFARS-252.204-7012

 

DFARS 254.202.7019 Notice of NIST SP 800-171 DoD Assessment Requirements  https://www.acquisition.gov/dfars/part-252-solicitation-provisions-and-contract-clauses#DFARS-252.204-7019

 

DFARS 254.202.7020 NIST SP 800-171 DoD Assessment Requirements  https://www.acquisition.gov/dfars/part-252-solicitation-provisions-and-contract-clauses#DFARS-252.204-7020

 

DFARS 254.202.7021 Cybersecurity Maturity Model Certification Requirements  https://www.acquisition.gov/dfars/part-252-solicitation-provisions-and-contract-clauses#DFARS-252.204-7021

DoD CUI Program Home  https://www.dodcui.mil/

DoD CUI Awareness and Marking  https://www.dodcui.mil/Portals/109/Documents/Training%20Docs/21-S-0588%20cleared%20CUI%20Awareness%20Training%20Nov%202020.pdf?ver=eOMZuMPrdLXcnhS6egUe2w%3d%3d

DoD CUI Mandatory Training  https://securityhub.usalearning.gov/index.html

NARA Archives- CUI  https://www.archives.gov/cui

NIST

NIST Main List of Special Publications  https://csrc.nist.gov/publications/sp800

 

NIST Main List of NISTIRs https://csrc.nist.gov/publications/nistir

 

SP800-171 rev2 Protecting CUI in Non-Federal Systems https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171r2.pdf

 

SP800-171A Assessing Security Requirements for CUI   https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171A.pdf

 

SP800-172  https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-172.pdf

 

SP800-172A Enhanced Requirements for Protecting CUI: Supplement to SP800 -171  https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-175A.pdf

 

SP800-171 rev2 CUI SSP Template  https://csrc.nist.gov/CSRC/media/Publications/sp/800-171/rev-2/final/documents/CUI-SSP-Template-final.docx

 

SP800-171 rev2 CUI POAM Template  https://csrc.nist.gov/CSRC/media/Publications/sp/800-171/rev-2/final/documents/CUI-Plan-of-Action-Template-final.docx

 

SP800-53 rev4 Controls for Federal Information Systems (Withdrawal Date 9/23/2021)  https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf

SP800-53A rev4 Assessing Controls in Federal Systems   https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53Ar4.pdf

 

SP800-53 rev5 Controls for Information Systems https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r5.pdf

 

SP800-53A rev5 Assessing Security and Privacy Controls in Federal Information Systems 

https://csrc.nist.gov/publications/detail/sp/800-53a/rev-5/final

 

SP800-53B Control Baselines in Federal Systems  https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53B.pdf

 

SP800-18 rev1 Develop SSP for Federal Systems  https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-18r1.pdf

 

SP800-30 rev1 Conducting Risk Assessment  https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-30r1.pdf

 

SP800-37 Risk Management Framework (RMF) for Information Systems  https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-37r2.pdf

Other

FedRAMP Marketplace  https://marketplace.fedramp.gov/#!/products?sort=productName

 

US-CERT  https://www.cisa.gov/cybersecurity

 

Federal Information Security Modernization Act (FISMA) of 2014  https://www.whitehouse.gov/wp-content/uploads/2018/10/M-19-02.pdf