Policy/Regulations
Safeguarding Covered Defense Information and Cyber Incident Reporting
| Name | Date | |
|---|---|---|
| Implementing the Cybersecurity Maturity Model Certification (CMMC) Program | 02/2025 | View >> |
| Assessing Contractor Implementation of Cybersecurity Requirements (DFARS Case 2019-D041) | 11/2020 | View >> |
| DoD Instruction 5200.48 Controlled Unclassified Information (CUI) | 03/2020 | View >> |
| DoDI 8582.01, Security of Unclassified DoD Information on Non-DoD Information Systems (Under Revision) | 03/2020 | View >> |
| DFARS Rule 204.73 - Safeguarding Covered Defense Information and Cyber Incident Reporting | 06/2017 | View >> |
| DFARS Provision 252.204-7008 - Compliance with Safeguarding Covered Defense Information Controls | 06/2017 | View >> |
| DFARS Clause 252.204-7009 - Limitations on the Use or Disclosure of Third-Party Contractor Reported Cyber Incident Information | 06/2017 | View >> |
| DFARS Clause 252.204-7012 - Safeguarding Covered Defense Information and Cyber Incident Reporting | 06/2017 | View >> |
| DFARS Case 2013-D018, Network Penetration Reporting and Contracting for Cloud Services, Final Rule, dated October 21, 2016 | 10/2016 | View >> |
| DFARS Case 2013-D018, Network Penetration Reporting and Contracting for Cloud Services, Interim Rule, dated December 30, 2015 | 12/2015 | View >> |
| DFARS Case 2013-D018, Network Penetration Reporting and Contracting for Cloud Services, Interim Rule, August 26, 2015 | 08/2015 | View >> |
| DFARS Case 2011–D039, Safeguarding Unclassified Controlled Technical Information, Final rule, dated November 18, 2013 | 11/2013 | View >> |
Cloud Computing Services
| Name | Date | |
|---|---|---|
| DFARS Rule 239.76 - Cloud Computing | 06/2017 | View >> |
| DFARS Provision 252.239-7009 - Representation of Use of Cloud Computing | 06/2017 | View >> |
| DFARS Clause 252.239-7010 - Cloud Computing Services | 06/2017 | View >> |
Other
| Name | Date | |
|---|---|---|
| NIST SP 800-171 DoD Assessment Methodology | 06/2020 | View >> |
| NIST Special Publication 800-171, Revision 2 - Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations Final Rule, February 2020 | 02/2020 | View >> |
| Assessing Contractor Implementation of Cybersecurity Requirements | 11/2019 | View >> |
| NIST SP 800-171A, Assessing Security Requirements for Controlled Unclassified Information | 10/2018 | View >> |
| NIST SP 800-18 Rev 1, Guide for Developing Security Plans for Federal Information Systems | 12/2017 | View >> |
| PGI 204.73, Revised Dec 1, 2017 | 12/2017 | View >> |
| Note Regarding NIST Special Publication 800-171, Revision 1 - Security Requirement 3.12.4, System Security Plan | 11/2017 | View >> |
| FAR Case 2011-020, Basic Safeguarding of Contractor Information Systems | 06/2017 | View >> |
| DoDI 5000.02, Enclosure 14, Cybersecurity in the Defense Acquisition System | 02/2017 | View >> |
| 32 CFR Part 236, DoD Defense Industrial Base Cybersecurity Activities | 10/2016 | View >> |
| 32 CFR Part 2002, Controlled Unclassified Information | 09/2016 | View >> |