References

The below links point to Reference documentation outside of this Wiki. These references are the underlying detail behind much of what is described here. These links are linked throughout the Wiki, but also captured here for convenience.

NIST Special Publications

• NIST SP 800-171 Rev. 2 - Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations
• NIST SP 800-171A - Assessing Security Requirements for Controlled Unclassified Information
• NIST SP 800-53 Rev. 5 - Security and Privacy Controls for Information Systems and Organizations
• NIST SP 800-53A Rev. 5 - Assessing Security and Privacy Controls in Information Systems and Organizations
• NIST SP 800-172 - Enhanced Security Requirements for Protecting Controlled Unclassified Information: A Supplement to NIST Special Publication 800-171
• NIST SP 800-172A - Assessing Enhanced Security Requirements for Controlled Unclassified Information
• NIST SP 800-88 Rev. 1 - Guidelines for Media Sanitization
• NIST SP 800-162 - Guide to Attribute Based Access Control (ABAC) Definition and Considerations
• NIST SP 800-207 - Zero Trust Architecture

Cybersecurity Maturity Model Certification (CMMC)

• CMMC 2.0 Model
• CMMC 2.0 Level 1 Self-Assessment Guide
• CMMC 2.0 Level 2 Assessment Guide

Federal Acquisition Register (FAR)

• FAR 52.204-21 - Basic Safeguarding of Covered Contractor Information Systems.

Defense Federal Acquisition Regulation Supplement (DFARS)

• DFARS 252.204-7012 - Safeguarding Covered Defense Information and Cyber Incident Reporting.
• DFARS 252.204-7019 - Notice of NIST SP 800-171 DoD Assessment Requirements.
• DFARS 252.204-7020 - NIST SP 800-171 DoD Assessment Requirements.
• DFARS 252.204-7021 - Cybersecurity Maturity Model Certification Requirements.