CMMC Helpful Links
Additional CMMC Resources
SP6 is here to help you navigate Cyber Compliance.
Cybersecurity Awareness and Training
(CUI Program Training and Awareness Products)
DoD CUI 101– The lifecycle of CUI
DoD Mandatory CUI Training
- Video/CBT: DoD Mandatory Controlled Unclassified Information (CUI) Training (usalearning.gov)
- PPT Template: CI Policy Publications Update (dodcui.mil)
DoD Posters and such: Job Aids (cdse.edu)
DoD Marking Training: PowerPoint Presentation (dodcui.mil)
Insider Threat Awareness (usalearning.gov) DoD Perspective
Recognizing and reporting Insider threat (DHS / CISA Perspective)
The CUI Registry (NARA)
CUI Training: CUI Training | National Archives
DoD
- Cyber Awareness Challenge (2023) – Nice add for cybersec professionals and CUI users, BUT has classified information content not applicable to all DoD contractors.
- Privileged Users Cybersecurity Responsibilities (Users with Security Functions)
- Annual Cy
- Identifying and Safeguarding Personally Identifiable Information (PII)
(Managing (or accessing) an information system with Privacy components (CUI//PRVCY, CUI//MIL, CUI//SP-PERS)) - Cyber Risk Assessment (Cyber Protect)
DHS – Cybersecurity & Infrastructure Security Agency (CISA) Training Material
- Reference Securing Critical and High-Value Assets (HVAs) – CMMC Level 3
- Intro to Investigating Logs for Incidents – CMMC Level 2
- Intro to incident Analysis
- Understanding Indicators of Compromise (IOCs) for HVAs
CISA Tabletop Exercise Packages (Test your Incident Response Plan Per CMMC Level 2)
Incident Response, Reporting, and Testing
Medium Assurance Certificate / External Certification Authority (ECA) External Certification Authorities (ECA) – DoD Cyber Exchange
System Hardening Principles, Standards, and Checklists
NIST Templates
Contract and Legal Risk (Non-Compliance is more expensive than Compliance)
6 Defense Industry Whistleblowers That Earned Substantial Rewards (whistleblowerattorneys.com)
Department of Defense Office of Inspector General > Components > Administrative Investigations > Whistleblower Reprisal Investigations (dodig.mil)
DOD Inspector General Hotline and Whistle Blower Protection > U.S. Department of Defense > Article
Optional Artifacts and Products
Optional CUI coversheet (helps with the concept of at least one layer of protection for safeguarding hardcopies of CUI)
Optional CUI destruction label (helps track approvals and can aid in the tracking and creation of Certificate of Destructions)
How to define a controlled environment / Operating Environment (NARA YouTube Video)
Validating your encryption is FIPS-validated (vs FIPS-compliant) (from NIST CMVP)
Building a common language with the NIST Glossary
DoD Procurement Toolbox –> Cybersecurity –> Cybersecurity FAQs (Many questions on DFARS and CMMC compliance answered by the DoD, including technical implementation and the answer to one of my favorite questions “Is DFARS 7012 and allowable cost?” See Q13 – A13.
