Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Government Contractor Requirements

Guidance to help your business comply with Federal government security requirements

NSA DIB Cybersecurity Services – NSA offers no-cost cybersecurity services to any company that contracts with DoD (sub or prime) or has access to non-public DoD information. NSA's services help protect against some of the most common nation-state exploitation vectors and are powered by unique, non-public indicators of known malicious activity derived from NSA's signals intelligence, cybersecurity analytic expertise, and engagements with partners.
National Security Agency/Central Security Service

DFARS Cybersecurity Requirements – Information for Department of Defense (DoD) contractors that process, store or transmit Controlled Unclassified Information (CUI) who must meet the Defense Federal Acquisition Regulation Supplement (DFAR). DFAR provides a set of basic security controls.
Manufacturing Extension Partnership

NIST SP 800-171 – provides requirements for protecting the confidentiality of CUI.
National Institute of Standards and Technology

Project Spectrum - The Department of Defense (DoD) Office of Small Business Programs (OSBP) initiated Project Spectrum as a comprehensive platform to provide the tools and training needed to increase cybersecurity awareness and maintain compliance in accordance with DoD contracting requirements. NOTE: the resources offered through Project Spectrum are free but require a one-time registration and subsequent login to access the resources.

  • Cyber Readiness Check and Training Videos  - Taking one of the Cyber Readiness Checks can help your organization determine its current level of security based on NIST 800-171, CMMC Level 1 and CMMC Level 2 requirements. These readiness checks serve as a great first step in your organization’s cybersecurity journey. – The SBA supported Small Business Innovation Research (SBIR) and Small Business Technology Transfer (STTR) website has many resources for small businesses doing business with the Federal Government. Please check under “ANNOUNCEMENTS” for cybersecurity events. Check under “RESOURCES” for tutorials. Examples of cybersecurity events are programs to assist a small business in using the NIST Framework (NIST SP 800-171) and for understanding CMMC 2.0 requirements.

US Air Force CISO’s “Blue Cyber” Small Business Cybersecurity – From the Office of the Air Force CISO, “Blue Cyber” has training videos, presentations and memos for defense industrial base small businesses to help them align to cybersecurity best practices. The program includes an “Ask Me Anything” event on Tuesdays.

  • Following The DFARS in Your Small Business Contract  – This video presentation will guide your small business through some of the requirements and cybersecurity procedures that need to be in place to protect sensitive DoD data and networks.
    Air Force Blue Cyber Education Series
  • Small Business Needs Big Cybersecurity – This presentation will take you through the vital areas of cybersecurity collaboration for small businesses in the Defense Industrial Base (DIB).

Office of the Air Force CISO

Created August 24, 2020, Updated February 7, 2024