SUBCONTRACTOR RESOURCES FOR CUI/CMMC

  1. Learn how to work with protected information:  What is CUI? 

  2. Create a Secure Environment for Work:  NIST 800-171r2   DFAR 252.204-7012   10 Steps    Heads Up, Defense Subcontractors! 

  3. Perform a Self Assessment   NIST 800-172A   DFAR 252.204-7019   Self Assessment Tool 

  4. Generate System Security Plan (SSP) and Plan of Action with Milestones (POAM).

  5. Obtain and publish SPRS score.   Worksheet

  6. Input score, SSP, and POAM into SPRS system.  800.171 Quick Entry Guide

  7. Provide SPRS score to Prime Contractor.

  8. Set up Two-Factor (MFA) Authentication. 

    Microsoft Resources:  What MFA is   Once Registered   Change Method   Register for Addition 

  9. As an alternative to trying to accomplish steps 2 through 4 above on your own, contact PreVeil to learn how they can help.  Learn more about Preveil here.  

  10. Create Preveil Enterprise Account

     11. Start Work!

      For directions on how to obtain View Only or Full Access to CUI documents click here.

     Subcontractor Representation Safeguarding Covered Defense Information (CDI) and Cyber Incident Reporting 

 

If you need additional information, please email us at  CMMCInfo@TutorPerini.com