THE CMMC
INTELLIGENCE ARCHIVE
Stop searching through fragmented government sites. Access the definitive repository of NIST 800-171 controls, DFARS clauses, and Assessment Guides in one secure location.
CMMC and DoW
Compliance Documentation
This page provides direct access to official documentation related to CMMC, CUI, DFARS, NIST, and Department of Defense cybersecurity requirements.
These resources are publicly available and maintained by the government and standards bodies. We organize them here to make it easier for defense contractors to find, review, and reference the documents that matter most.
We avoid duplicating or modifying official guidance and instead link directly to authoritative sources.
CMMC PROGRAM DOCUMENTATION
These documents define the CMMC program itself, assessment processes, and official guidance.
- Cybersecurity Maturity Model Certification Program
- Cybersecurity Maturity Model Certification Model Overview
- CMMC Model Version 2.0
- CMMC 2.0 Model Excel Modified
- CMMC 1.02 Model Excel Modified
- Cybersecurity Maturity Model Certification 2.0 Updates and Way Forward
- Realignment of Responsibility for CMMC
- CMMC Assessment Process CAP v1.0 Pre Decisional Draft
- CMMC Self Assessment Guide Level 1
- CMMC Assessment Guide Level 2
- CMMC Self Assessment Scope Level 1
- CMMC Assessment Scope Level 2
- CMMC Glossary and Acronyms
CUI AND INFORMATION HANDLING
Documents related to Controlled Unclassified Information and handling requirements.
- 32 CFR 2002 Controlled Unclassified Information
- 32 CFR 2002 Controlled Unclassified Information Final Rule
- Executive Order 13556 Controlled Unclassified Information
- DoW Instruction 5200.48 CUI Program
- DoW CUI Registry
- DoW CUI Marking Guide
- CUI FAQ
- CUI SSP Template
- NARA CUI Categories Not in DoD CUI Registry
- NARA CUI Marking Handbook
- NARA ISOO CUI Notice 2019 03 Destroying CUI
- NARA ISOO CUI Notice 2020 04 Assessing Security Requirements
DFARS AND FAR REQUIREMENTS
- FAR 4.1901 Definitions
- FAR 52.204 21 Basic Safeguarding of Covered Contractor Information Systems
- DFARS 252.204 7008 Compliance with Safeguarding CDI
- DFARS 252.204 7009 Limitations on Use or Disclosure
- DFARS 252.204 7012 Safeguarding CDI and Cyber Incident Reporting
- DFARS 252.204 7012 Flowdown to International Suppliers
- DFARS 252.204 7019 Notice of NIST SP 800 171 Assessment
- DFARS 252.204 7020 NIST SP 800 171 DoD Assessment
- DFARS 252.204 7021 CMMC Requirement
- DFARS Cyber FAQ 115
- DFARS Safeguarding CDI One Pager Basics
- Contractual Remedies for DFARS 7012 Non 7020 Contracts
NIST STANDARDS AND ASSESSMENT GUIDANCE
- NIST SP 800 171 r2
- NIST SP 800 171A
- NIST SP 800 172
- NIST SP 800 172A
- NIST SP 800 53 r5
- NIST SP 800 53B
- NIST SP 800 53A r5 Draft
- NIST CSF Cybersecurity Framework
- NIST SP 800 37 r2 Risk Management Framework
- NIST SP 800 30 r1 Risk Assessments
- NIST SP 800 39 Managing Information Security Risk
- NIST SP 800 18 System Security Plans
- NIST SP 800 60 Information Categorization
- NIST SP 800 50 Security Awareness
- NIST SP 800 16 Security Training
- NIST SP 800 40 Patch Management
- NIST SP 800 41 Firewalls
- NIST SP 800 88 Media Sanitization
- NIST SP 800 111 Storage Encryption
- NIST SP 800 124 Mobile Device Security
- NIST SP 800 125B Secure Virtual Network Configuration
- NIST SP 800 128 Configuration Management
- NIST IR 7621 Small Business Security Fundamentals
DOW INSTRUCTIONS AND MANUALS
Department of War policies governing security, records, and IT systems.
- DoW Instruction 8500 01 Cybersecurity Program
- CMMC Documentation | CMMC Training Academy
- DoW Instruction 8582 01 Security of Non DoW Systems
- DoW Instruction 5200 01 Information Security Program
- DoW Manual 5200 01 Volume 1 Classification
- DoW Manual 5200 01 Volume 2 Marking
- DoW Manual 5200 01 Volume 3 Protection
- DoW Instruction 5015 02 Records Management
- DoW Instruction 5230 09 Clearance of DoW Information
- DoW Instruction 5230 24 Distribution Statements
- DoW Instruction 5230 29 Security Review
- DoW Instruction 5400 04 Provision of Information to Congress
- DoW Manual 5400 07 FOIA Program
- DoW Directive 5230 09 Public Release of Information
FEDRAMP AND GOVERNMENT CLOUD
Cloud security requirements and government hosting guidance.
- FedRAMP Security Controls Baseline
- FedRAMP Low Moderate CIS Workbook Template
- FedRAMP High CIS Workbook Template
- FedRAMP SSP Moderate Baseline Template
- DoW Cloud Computing Security Requirements Guide
- DoW FedRAMP Equivalency
- DoW OCONUS Cloud Strategy
- NIST SP 500 292 Cloud Computing Reference Architecture
- NIST Definition of Cloud Computing
CLOUD PROVIDER CMMC GUIDANCE
NATIONAL AND INTERNATIONAL FRAMEWORKS
LEGAL AND STATUTORY REFERENCES
SUPPLY CHAIN AND ACQUISITION
SECURE THE MASTER ARCHIVE
Download the full offline dossier covering NIST 800-171, DFARS, and assessment guides.