NIST 800-171/CMMC Resources
Resources, Templates, and Guides
Program Information
This is the actual final rule that appears in the Federal Register that defines the CMMC program
This is the rule that defines how CMMC requirements will show up in DoD contracts. It is expected to be finalized by Q2 2025
High level program overview provided by the Department of Defense
DoD Official CMMC 2.0 Landing Page
Definitive source from information regarding CMMC 2.0 directly from the Department of Defense
Overview guide of the CMMC Model
CMMC 2.0 Level 1 Self-Assessment Guide (October 2024)
Assessment guide for the subset of 800-171 controls and determination statements applicable to CMMC 2.0 Level 1
CMMC 2.0 Level 1 Assessment Scope Guide (October 2024)
Defines the scope Self-Assessment will be looking at for CMMC 2.0 Level 2
CMMC 2.0 Level 2 Assessment Guide (October 2024)
Assessment guide for the subset of 800-171 controls and determination statements applicable to CMMC 2.0 Level 2
CMMC 2.0 Level 2 Assessment Scope Guide (October 2024)
Defines the scope Assessors will be looking at for CMMC 2.0 Level 2
CMMC Assessment Process(CAP) Guide - December 2024
Detailed instructions on the process used for assessing Organizations Seeking Compliance
Extensive glossary of terms around CMMC
Official site for information about Controlled Unclassified Information
NIST Guide book with detailed control definitions for Rev 2. Currently the basis for CMMC 2.0 L1 and 2
NIST 800-171A R2 Assessment Guide
Assessment guide that details each control and determination statements
NIST 800-171 R2 Assessment Template
Excel Spreadsheet to track status of compliance by control
NIST Guide book with detailed control definitions for Rev 3. - THIS IS NOT THE BASIS FOR CMMC
NIST 800-171A R3 Assessment Guide
Assessment guide that details each control and determination statements - THIS IS NOT THE BASIS FOR CMMC
Educational Resources
Decoding the CMMC Final Rule - October 2024
One hour presentation hosted by Preveil, a secure messaging and file share platform. The presentation does a deep dive into the 32 CFR CMMC final rule, its phased roll-out plans, requirements to comply, and its impact on External Service Providers (ESP) (including MSPs)
Free on-line training on CMMC/NIST 800-171 basics
Summit 7: Seven Steps to CMMC Compliance
A YouTube playlist with a high level explanation of the steps and timelines for small and medium businesses to achieve CMMC compliance
Share Responsibility Model (Video)
Excellent 77-minute video explaining the importance of the shared responsibility matrix for the relationship between the contractor, the MSP, and the MSPs third party vendors
CMMC 2.0 Shared Responsibility Matrix Template
Sample Template for a Shared Responsibility Matrix for MSPs to fill out with their clients
CMMC Center of Awesomeness (COA)
Informative (and entertaining) website with lots of information and free resources
Microsoft Learn: “Getting Started with Microsoft for CMMC”
Free course available on Microsoft Learn Platform
Share Responsibility Model (Video)
Excellent 77-minute video explaining the importance of the shared responsibility matrix for the relationship between the contractor, the MSP, and the MSPs third party vendors