NIST 800-171/CMMC Resources

Resources, Templates, and Guides

Program Information

32 CFR Final Rule

This is the actual final rule that appears in the Federal Register that defines the CMMC program

48 CFR Proposed Rule

This is the rule that defines how CMMC requirements will show up in DoD contracts. It is expected to be finalized by Q2 2025

CMMC 101 Brief

High level program overview provided by the Department of Defense

DoD Official CMMC 2.0 Landing Page

Definitive source from information regarding CMMC 2.0 directly from the Department of Defense

CMMC Model Overview

Overview guide of the CMMC Model

CMMC 2.0 Level 1 Self-Assessment Guide (October 2024)

Assessment guide for the subset of 800-171 controls and determination statements applicable to CMMC 2.0 Level 1

CMMC 2.0 Level 1 Assessment Scope Guide (October 2024)

Defines the scope Self-Assessment will be looking at for CMMC 2.0 Level 2

CMMC 2.0 Level 2 Assessment Guide (October 2024)

Assessment guide for the subset of 800-171 controls and determination statements applicable to CMMC 2.0 Level 2

CMMC 2.0 Level 2 Assessment Scope Guide (October 2024)

Defines the scope Assessors will be looking at for CMMC 2.0 Level 2

CMMC Assessment Process(CAP) Guide - December 2024

Detailed instructions on the process used for assessing Organizations Seeking Compliance

CMMC Glossary

Extensive glossary of terms around CMMC

DoD CUI Information Site

Official site for information about Controlled Unclassified Information

NIST 800-171 R2 Guide

NIST Guide book with detailed control definitions for Rev 2. Currently the basis for CMMC 2.0 L1 and 2

NIST 800-171A R2 Assessment Guide

Assessment guide that details each control and determination statements

NIST 800-171 R2 Assessment Template

Excel Spreadsheet to track status of compliance by control

NIST 800-171 R3 Guide

NIST Guide book with detailed control definitions for Rev 3. - THIS IS NOT THE BASIS FOR CMMC

NIST 800-171A R3 Assessment Guide

Assessment guide that details each control and determination statements - THIS IS NOT THE BASIS FOR CMMC

Educational Resources

Decoding the CMMC Final Rule - October 2024

One hour presentation hosted by Preveil, a secure messaging and file share platform. The presentation does a deep dive into the 32 CFR CMMC final rule, its phased roll-out plans, requirements to comply, and its impact on External Service Providers (ESP) (including MSPs)

GRC Academy

Free on-line training on CMMC/NIST 800-171 basics

Summit 7: Seven Steps to CMMC Compliance

A YouTube playlist with a high level explanation of the steps and timelines for small and medium businesses to achieve CMMC compliance

Share Responsibility Model (Video)

Excellent 77-minute video explaining the importance of the shared responsibility matrix for the relationship between the contractor, the MSP, and the MSPs third party vendors

CMMC 2.0 Shared Responsibility Matrix Template

Sample Template for a Shared Responsibility Matrix for MSPs to fill out with their clients

CMMC Center of Awesomeness (COA)

Informative (and entertaining) website with lots of information and free resources

Microsoft Learn: “Getting Started with Microsoft for CMMC”

Free course available on Microsoft Learn Platform

Share Responsibility Model (Video)

Excellent 77-minute video explaining the importance of the shared responsibility matrix for the relationship between the contractor, the MSP, and the MSPs third party vendors