Cybersecurity Frameworks

Cybersecurity frameworks define the standards and best practices organizations must follow to protect Controlled Unclassified Information (CUI) and meet Federal compliance requirements. At this stage, we’re focusing on the NIST SP 800-171 Revision 2 framework, the foundation for most Federal contractor requirements.

Current Framework

NIST SP 800-171 R2

NIST SP 800-171 R2 establishes security requirements for protecting CUI in non-Federal systems. It serves as the core framework for Federal contractors and is referenced in DFARS 252.204-7012 under Title 48 of the Code of Federal Regulations (CFR), Chapter 2 — Defense Acquisition Regulations System (DFARS).

Compliance with NIST SP 800-171 R2 is also tied to the Cybersecurity Maturity Model Certification (CMMC) program, which measures adherence to these standards.

Future Frameworks (Coming Soon)

NIST SP 800-171r2 and CMMC 2.0

NIST SP 800-171r3 and CPCSC

NIST SP 800-53r4

NIST SP 800-53r5

Understanding Where These Requirements Come From

Title 48 of the Code of Federal Regulations (CFR), Chapter 2 (DFARS) outlines cybersecurity requirements for Federal contractors. The clause DFARS 252.204-7012 mandates compliance with NIST SP 800-171, ensuring proper protection for Controlled Unclassified Information (CUI).

The Cybersecurity Maturity Model Certification (CMMC) builds upon NIST SP 800-171 as a third-party attestation program, gradually becoming a requirement for all Federal contracts by late 2025.
