Skip to content

Resources

On this page, you will find a list of Summit 7 resources curated specifically by topic. You can navigate to each section by scrolling, or using the links in the header above.

CMMC

Cybersecurity Maturity Model Certification (CMMC) 2.0 was released in November of 2021 as the next stage in the Department of Defense's (DoD) efforts to secure the Defense Industrial Base (DIB) and its supply chain. Below you will find a list of resources related to CMMC versions 1.0 and 2.0.


Microsoft Gov Cloud

Many contractors in the DoD supply chain have already chosen to tackle security and compliance requirements in the Microsoft Government Cloud. Below you will find a list of resources related to Microsoft security and compliance in the government cloud.


NIST 800-171

NIST 800-171 is a security framework for organizations that must securely process Controlled Unclassified Information (CUI). Below you will find a list of resources related to NIST 800-171.


ITAR/CUI

The International Traffic in Arms Regulation (ITAR) controls the export and import of defense-related articles and services on the United States Munitions List (USML). According to the U.S. Government, all manufacturers, exporters, and brokers of defense articles/services or related technical data must be ITAR compliant. 

Controlled Unclassified Information (CUI) is Federal non-classified information that the U.S. Government creates or possesses, or that a non-Federal entity (Defense Industrial Base organizations) receives, possesses, or creates on behalf of the U.S Government. Below you will find a list of resources related to ITAR compliance and handling CUI.


Managed Services (MSP) and Managed Security Services (MSSP)

In order to manage DFARS cybersecurity obligations and achieve CMMC 2.0 certification, aerospace and defense contractors in the Defense Industrial Base (DIB) must implement and maintain a complex web of NIST 800-171 controls and CMMC practices. Unfortunately, utilizing outsourced managed IT service providers (MSP) creates complications because the responsibilities for security are distributed across internal and external stakeholders. Below you will find a list of resources related to MSPs and MSSPs for security and compliance.


DFARS

DFARS 7012 includes a set of requirements for contractors to implement technical and procedural controls as specified by the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171 to protect sensitive information and to rapidly report cyber incidents.


CS2

CS2, or the Cloud Security and Compliance Series, is an ongoing informational series for contractors in the Defense Industrial Base looking to meet federal compliance mandates.