NIST Controls Awareness Training (NCAT)


The resources section provides links to important documents and content that will assist in understanding security controls and conducting the assessment process.

Understanding DFARS 252.204-7012

DFARS 252.204-7012 Clause
This link points to the actual Defense Federal Acquisition Regulation Supplement (DFARS) clause 252.204-7012. Use it for a concrete understanding of what the clause actually says.
Safeguarding Covered Defense Information – The Basics
This document provides a succinct description of DFARS Clause 252.204-7012, Safeguarding Covered Defense Information and Cyber Incident Reporting.
DoD Procurement Toolbox, Cybersecurity FAQ
This document compiles a list of common questions that have been raised on how to address the specifics of DFARS clause 252.204-7012.
Key Documents for Compliance

NIST 800-171
In DFARS 252.204-7012, NIST 800-171 is highlighted as the set of security requirements necessary to achieve “adequate security” for systems that will interact with covered defense information (CDI).
NIST 800-171A
NIST Special Publication 800-171A provides guidelines for how a cybersecurity assessment for NIST 800-171 should be conducted. It can be used to identify the types of questions and the level of rigor that can be used for an assessment.
NIST Handbook 162
The NIST Handbook 162 is a guide that provides information needed to understand NIST 800-171 in less technical language. It gives explanations about how controls from each of the 14 families outlined in NIST 800-171 can be addressed and the types of questions to ask during an assessment.
Patricia Toth (NIST) Briefing
This video provides an overview of the requirements for defense contractors outlined in NIST 800-171. It describes the NIST Manufacturing Extension Partnership (MEP) three-step process for compliance and helps attendees gain a better understanding of the NIST 800-171 and NIST Handbook 162 publications. Patricia Toth is a Supervisory Computer Scientist in the Computer Security Division at NIST.
Documentation Templates and Examples

System Security Plan Templates
These documents provide examples of how a system security plan should be structured.
Northrop Grumman NIST 800-171 Security Controls Examples
Provides some examples of how to address specific security controls organized by Northrop Grumman.
Supporting Information

Support Plan Development Document
These NIST documents provide guidance on how to handle specific types of planning documents.
NIST Small Business Cybersecurity Corner
The NIST Small Business Cybersecurity Corner aims to provide companies with cybersecurity guidance, solutions, and training that is practical, actionable, and enables them to cost-effectively address and manage their cybersecurity risks.