US Regulations and Standards

The cybersecurity threats companies face have dramatically increased as we provide more services online, digitally store data, and rely on suppliers for a variety of information technology services. Recent high-profile incidents involving DIB supplier systems that contain Controlled Unclassified Information reinforce the need to ensure security requirements are clearly, effectively, and consistently communicated.

The purpose of this section is two-fold. First, the contents of this section are intended to include materials focused on DoD’s current and ongoing efforts – executed in partnership with industry – to improve the DIB’s cybersecurity. Specifically, it addresses DoD’s effort to ensure that controlled unclassified DoD information residing on or transiting through contractor information systems is safeguarded from cyber incidents. Protecting this DoD information will save warfighter lives. The cyber threat is not going away – we must defend our networks and systems, and the information that resides on them. Cybersecurity is a shared challenge, and we must work together to address it and reduce risk.

Second, we also provide cybersecurity content on other efforts by the U.S. Government, other governments, and the private sector aimed at defining and maturing the cyber protections that will best protect information systems from the evolving cyber threats that we all face.

Department of Defense Regulations

Other Regulations

NIST SP 800-171 Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations

NIST SP 800-53 Security and Privacy Controls for Federal Information Systems and Organizations

NIST Risk Management Framework

NIST Cybersecurity Framework

National Aerospace Standard (NAS9933)