Prepare, Protect, and Comply
 

Protecting sensitive information is essential for any organization that works with the Department of War (DoW). This page brings together practical cybersecurity resources, training, and tools to help businesses understand and meet DoW requirements, including the Cybersecurity Maturity Model Certification (CMMC). Whether you are new to federal contracting or preparing for assessment, you will find clear guidance, free training, readiness checks, and trusted materials from DoW, Cybersecurity Infrastructure and Security Agency (CISA), National Institute of Science and Technology (NIST), and national partners. Use these resources to strengthen your cybersecurity practices, reduce risk, and build confidence in your ability to safeguard Federal Contract Information and Controlled Unclassified Information.

Department of Defense Cybersecurity Maturity Model Certification (CMMC)

The Cybersecurity Maturity Model Certification (CMMC) is a program from the U.S. Department of War (DoW) that ensures contractors protect sensitive information. The program is designed to increase trust in compliance with National Institute of Standards and Technology (NIST) standards. 

The CMMC Program: 

• Enforces the protection of sensitive unclassified information shared by the DoW with its contractors and subcontractors
• Combines controls from NIST SP 800-171 and other sources
• Streamlines requirements to three levels of cybersecurity
• Applies to organizations supporting the DoW or higher education research institutions handling the following types of data:
  • Federal Contract Information (FCI)
  • Controlled Unclassified Information (CUI)
  • Covered Defense Information (CDI)

Get Help to Become CMMC Certified:

• Project Spectrum is a cybersecurity education, awareness, and compliance resource from the DoW Office of Industrial Base Growth to provide the tools and training needed to increase cybersecurity awareness and maintain compliance in accordance with DoW contracting requirements.
  
   

Project Spectrum

• Training Courses - Free of charge courses for small business to increase cyber knowledge and raise the overall level of cybersecurity hygiene. Registration required.
   
• Cyber Readiness Check - If you are handling Controlled Unclassified Information (CUI) or Federal Contract Information (FCI) on your network or information systems, there are compliance standards you are required to meet. Taking one of our Cyber Readiness Checks will help you determine your current level of security based on NIST 800-171,Cybersecurity Maturity Model Certification (CMMC) Level 1 and CMMC Level 2 requirements. These readiness checks serve as a great first step in your cybersecurity journey. Registration required. 
   
• Cyber Readiness Check Training - Our Cyber Readiness Training videos cover all NIST 800-171, CMMC Level 1 and CMMC Level 2 controls in a fun and engaging way. Prior to taking one of our Cyber Readiness Checks, please take some time to enjoy these videos and prepare yourself to conduct your self assessments. Registration required. 
   
• Useful Tools - Independent, third-party assessment of various cybersecurity-related platforms prepared by our cyber advisors. These reviews are vendor-agnostic and should not be interpreted as an endorsement for any product or platform. Registration required. 

Cybersecurity Infrastructure and Security Agency (CISA) - Secure Our World Campaign

• Secure Your Business - No business is too small to be a target for online crime—the fact is, small businesses are much more likely to be targeted by cybercriminals than larger companies. Did you know that a majority of small and medium-sized businesses who suffer a cyberattack often close as a result? CISA recommends four simple steps you can take to make your business much safer from online dangers: 1) Teach Employees to Avoid Phishing; 2) Require Strong Passwords; 3) Require Multifactor Authentication; and 4) Update Business Software.

National Institute of Standards and Technology (NIST)

• NIST 5-Step Cybersecurity Framework - The Framework is voluntary guidance, based on existing standards, guidelines, and practices for organizations to better manage and reduce cybersecurity risk. In addition to helping organizations manage and reduce risks, it was designed to foster risk and cybersecurity management communications amongst both internal and external organizational stakeholders.
   
• Enabling Multi-factor Authentication
  • Video: Multi-Factor Authentication
  • Small Business Cybersecurity Corner: Multi-Factor Authentication
  • Small Business Cybersecurity Corner Fact Sheet
  • NCCoE Buzz: Mobile Security Edition Series
     
• Using Strong Passwords and a Password Manager
  • NCCoE Fact Sheet: Securing Property Management Systems
  • Video: Password Guidance from NIST
  • Video: How Good are Kids at Making Passwords?
     
• Updating Software
  • Secure Software Development Framework 
  • National Vulnerability Database
  • National Software Reference Library (NSRL)
  • Software Assurance Metrics and Tool Evaluation (SAMATE)
  • Security Consideration for Code Signing Whitepaper
  • NCCoE One Pager: Securing Distributed Energy Resources
  • NCCoE Fact Sheet: Securing Distributed Energy Resources
  • NCCoE Project: Software Supply Chain and DevOps Security Practices
    ​
• Recognizing and Reporting Phishing
  • You've Been Phished (for individuals)
  • Introducing Phish Scale (for organizations)
  • Video: Protecting Your Small Business: Phishing
  • Small Business Cybersecurity Corner: Phishing
  • Small Business Cybersecurity Corner Fact Sheet
  • NCCoE One Pager: Protecting Your Data from Ransomware and Other Data Loss Events

National Cybersecurity Alliance

The National Cybersecurity Alliance’s CyberSecure My Business™ is a national program helping small and medium-sized businesses (SMBs) learn to be safer and more secure online.

Cybersecurity Infrastructure and Security Agency (CISA) 

Resources and messaging for organizations to use when talking with their employees and customers about staying safe online are available from CISA, the operational lead for federal cybersecurity and the national coordinator for critical infrastructure security and resilience. 
 

National Institute of Standards and Technology (NIST)

NIST has partnered with other federal agencies to help raise awareness about cybersecurity and engage with public and private sector partners through events and initiatives to raise awareness about cybersecurity, provide them with tools and resources needed to stay safe online, and increase the resiliency of the nation in the event of a cyber incident.
 

National Cybersecurity Center of Excellence (NCCoE)

NCCoE collaborates with the public to serve the public. Its mission is to solve organizations’ most pressing cybersecurity challenges. Explore our guidance, engage with our teams, and learn more about how you can get involved today.
 

National Cybersecurity Alliance

Digital resources about cybersecurity and staying safe online for home, work, school, or throughout your community. The Alliance is a non-profit organization on a mission to create a more secure, interconnected world and they do this by creating strong partnerships between governments and corporations to amplify their message and to foster a greater “digital” good.
 

Project Spectrum

Project Spectrum is a comprehensive, cost-effective platform that provides companies, institutions, and organizations with cybersecurity information, resources, tools, and training. Its mission is to improve cybersecurity readiness, resiliency, and compliance for small/medium-sized businesses and the federal manufacturing supply chain.

Cybersecurity Infrastructure and Security Agency (CISA) - Secure Our World Campaign Partner Resources and Toolkit

CISA and the National Cybersecurity Alliance (NCA) have partnered to create resources and messaging for organizations to use when they talk with their employees, customers and memberships about staying safe online. To learn more about the campaign, visit cisa.gov/cybersecurity-awareness-month.

• Secure Our World Tip Sheets
• Animated Videos about the Four Ways the Stay Safe Online
• Cybersecurity Awareness Month Social Media Graphics