Controlled Unclassified Information (CUI), as defined in 32 CFR Part 2002 is “is information the Government creates or possesses, or that an entity creates or possesses for or on behalf of the Government, that a law, regulation, or Government-wide policy requires or permits an agency to handle using safeguarding or dissemination controls.”

How does this pertain to the Cybersecurity Maturity Model Certification (CMMC)?

Defense contractors, or subcontractors, that will process, store, or transmit CUI on the contractor or subcontractor information systems will be required to implement CMMC Level 2.

This includes new solicitations, contracts, task orders, and delivery orders.

It will also be in effect when option periods are exercised.

National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171 outlines the 110 minimum safeguard requirements that contractors or subcontractors must meet to be in compliance with CMMC Level 2.

Cyber Maturity Consulting, LLC provides CMMC Level 2 (CUI) Consulting services to help you meet these requirements. Reach out to us today!