Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Government Contractor Requirements

Guidance to help your business comply with Federal government security requirements

DFARS Cybersecurity Requirements – Information for Department of Defense (DoD) contractors that process, store or transmit Controlled Unclassified Information (CUI) who must meet the Defense Federal Acquisition Regulation Supplement (DFAR). DFAR provides a set of basic security controls.
Manufacturing Extension Partnership

NIST Handbook 162 – provides a step-by-step guide to assess a manufacturer’s information systems against the security requirement in NIST SP 800-171 rev 1.
National Institute of Standards and Technology

NIST SP 800-171 – provides requirements for protecting the confidentiality of CUI.
National Institute of Standards and Technology – The SBA supported Small Business Innovation Research (SBIR) and Small Business Technology Transfer (STTR) website has many resources for small businesses doing business with the Federal Government. Please check under “ANNOUNCEMENTS” for cybersecurity events. Check under “RESOURCES” for tutorials. Examples of cybersecurity events are programs to assist a small business in using the NIST Framework (NIST SP 800-171) and for understanding CMMC 2.0 requirements.

US Air Force CISO’s “Blue Cyber” Small Business Cybersecurity – From the Office of the Air Force CISO, “Blue Cyber” has training videos, presentations and memos for defense industrial base small businesses to help them align to cybersecurity best practices. The program includes an “Ask Me Anything” event on Tuesdays.

Created August 24, 2020, Updated May 16, 2022