Where To Start

Before you click on the “Decision Tree”, you should have prepared by reviewing the information on the Cybersecurity Regulations and FCI/CUI tabs.

The Decision Tree is designed to help defense contractors determine which cybersecurity regulation(s) they should focus on. Since CMMC 2.0 is still in the rulemaking process, the earliest it can be referenced in contracts is the summer of 2023, contractors should focus first on the FAR/DFARS cybersecurity clause(s) in their current contracts or in solicitations.

Click on the “Decision Tree” button to get started with your cybersecurity compliance program!