Government Contractor Resources

Resources to help your business comply with Federal government security requirements

• Protecting Controlled Unclassified Information (CUI): NIST Special Publication 800-171, Revision 3 Small Business Primer — helps smaller, under-resourced organizations better protect Controlled Unclassified Information (CUI). The guide includes frequently asked questions, foundational terminology, tips for implementation, additional resources, and more. 
  National Institute of Standards and Technology

  

  Small Business Cybersecurity Webinar - Protecting Controlled Unclassified Information: Overview of SP 800-171 r3
• NIST's Protecting Controlled Unclassified Information Project Page. The suite of guidance (NIST Special Publication (SP) 800-171, SP 800-171A, SP 800-172, and SP 800-172A) focuses on protecting the confidentiality of CUI and recommends specific security requirements to achieve that objective.
  National Institute of Standards and Technology
   
• DFARS Cybersecurity Requirements – Information for Department of Defense (DoD) contractors that process, store or transmit Controlled Unclassified Information (CUI) who must meet the Defense Federal Acquisition Regulation Supplement (DFAR). DFAR provides a set of basic security controls.
  NIST Manufacturing Extension Partnership
   
• Project Spectrum's Cyber Readiness Check and Training Videos  - Taking one of the Cyber Readiness Checks can help your organization determine its current level of security based on NIST 800-171, CMMC Level 1 and CMMC Level 2 requirements. 
  Project Spectrum
   
• SBIR.gov – The SBA supported Small Business Innovation Research (SBIR) and Small Business Technology Transfer (STTR) website has many resources for small businesses doing business with the Federal Government. 
  U.S. Small Business Administration
   
• US Air Force CISO’s “Blue Cyber” Small Business Cybersecurity – “Blue Cyber” has training videos, presentations and memos for defense industrial base small businesses to help them align to cybersecurity best practices. 
  U.S. Air Force, Office of the Air Force CISO

Finding Help When You Need It

Certain commercial entities may be identified in this website or linked websites. Such identification is not intended to imply recommendation or endorsement by NIST, nor is it intended to imply that the entities, materials, or equipment are necessarily the best available for the purpose.

• Defense Industrial Base Managed Service Provider Shopping Guide for Small & Medium-Sized Businesses –This content was developed by member company participants of the National Defense Information Sharing & Analysis Center (ND-ISAC) to assist and inform small and medium-sized businesses (SMBs) in selecting a Managed Service Provider (MSP) which can assist SMB compliance with evolving Department of Defense (DoD) cybersecurity requirements. 
  National Defense Information Sharing & Analysis Center (ND-ISAC)
   
• NSA DIB Cybersecurity Services – NSA offers no-cost cybersecurity services to any company that contracts with DoD (sub or prime) or has access to non-public DoD information. NSA's services help protect against some of the most common nation-state exploitation vectors and are powered by unique, non-public indicators of known malicious activity derived from NSA's signals intelligence, cybersecurity analytic expertise, and engagements with partners.
  National Security Agency/Central Security Service
   
• Project Spectrum - The Department of Defense (DoD) Office of Small Business Programs (OSBP) initiated Project Spectrum as a comprehensive platform to provide services, tools, and training needed to increase cybersecurity awareness and maintain compliance in accordance with DoD contracting requirements. NOTE: the resources offered through Project Spectrum are free but require a one-time registration and subsequent login to access the resources.
  Project Spectrum