Information technology blog, cybersecurity blog

Controlled unclassified information (CUI) falls under one of two categories: CUI Basic and CUI Specified. But how do the two differ? Do the differences matter with becoming compliant with the Cybersecurity Maturity Model Certification (CMMC) requirements?

If you’re a contractor or subcontractor working with the Department of Defense, then you’re already familiar with the reporting requirements for the government’s Supplier Performance Risk System (SPRS).

If you are a company that works with the government you are familiar with the rules and regulations that surround information labelled as sensitive, top secret or classified. You most likely know about the National Institute of Standards and Technology (NIST) Special Publication 800-171 and Cybersecurity Maturity Model Certification (CMMC).

As a Department of Defense (DoD) contractor or subcontractor within the Defense Industrial Base (DIB), you're likely wondering when you'll get to the finish line in your race to become compliant with the Cybersecurity Maturity Model Certification (CMMC) 2.0 requirements.

After many months, perhaps even more than a year of work, you’re ready to get assessed by a certified third-party assessor organization (C3PAO) under the Cybersecurity Maturity Model Certification (CMMC).

If you’ve already found and corrected security flaws through a CMMC gap analysis, your next move as a Department of Defense (DoD) contractor or subcontractor needing CMMC certification is the “prove it” stage.

Have you already identified your federal contract information (FCI) or controlled unclassified information (CUI) to establish a CUI boundary and determine your CMMC level?

With the risks of a cyber incident such as malware, ransomware, or data breach growing, the Department of Defense (DoD) created a new assessment mandate within the Cybersecurity Maturity Model Certification (CMMC) program to increase the security of its supply chain.