The government requires federal contractors to protect controlled unclassified information (CUI) in accordance with requirements defined in NIST SP 800-171 Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations. The Cybersecurity Maturity Model Certification or CMMC program is designed to ensure contractors fully meet their requirements under 800-171 by having 3rd Party assessments certify compliance with NIST SP 800-171.
Established by EO13556, the CUI program standardizes the way the executive branch stores, handles and transmits unclassified information that requires safeguarding or dissemination controls pursuant to and consistent with law, Federal regulations, & Government-wide policies. Understanding WHAT your organization must protect is a critical step in determining HOW you must protect it.
Alex Major discusses CUI and how DIB companies can implement processes to protect critical defense information without creating barriers to companies working in or planning to work in the U.S. defense industrial base.