This ABCI online self-study foundations course for Awareness Training about the Cybersecurity Maturity Model Certification (CMMC) includes the following Modules:
- Module 1 – CMMC and DFARs Course Introduction
- Module 2 – Information Security Management Systems (ISMS)
- Module 3 – CUI and NIST 800-171
- Module 4 – DFARs Clause 252.204-7012
- Module 5 – DFARs Clause 252.204-7012 Q&A
- Module 6 – Cybersecurity Maturity Model Certification (CMMC)
NIST Special Publication 800-171 and the Defense Federal Acquisition Regulation supplement (DFAR) Clause 252.204-7012 for safeguarding and reporting Covered Defense Information (CDI).
Controlled Unclassified Information (CUI) is any information that law, regulation, or governmentwide policy requires to have safeguarding or disseminating controls.
- CUI supports federal missions and business functions that affect the economic and national security interests of the United States.
Non-federal organizations:
- colleges, universities,
- state, local and tribal governments,
- federal contractors and subcontractors often process, store, or transmit CUI.
NIST Special Publication 800-171 defines the security requirements for protecting CUI in non-federal information systems and organizations.
- Requirements are organized into fourteen families.
- Each family contains the requirements related to the general security topic of the family.
Defense Federal Acquisition Regulation supplement (DFARs) Clause 252.204-7012 is required in all contracts except for contracts solely for the acquisition of COTS items.
- In addition the Contractor shall include the clause in subcontracts for which performance will involve Covered Defense Information or Operationally Critical Support.
- CDI, is used to describe information that requires protection under DFAR Clause 252.204-7012.
- It is defined as unclassified Controlled Technical Information or other information as described in the CUI Registry.
(http://www.archives.gov/cui/registry/category-list.html)
- CUI requires safeguarding/dissemination controls AND IS EITHER marked or otherwise identified in the contract and provided to the contractor by D o D in support of performance of the contract;
- Or the CDI is collected, developed, received, transmitted, used or stored by the contractor in performance of contract.