DFARS Clause 252.204-7012
Clause 252.204-7012, “Safeguarding Covered Defense Information and Cyber Incident Reporting”, provides adequate security measures for covered contractor information systems and defines cyber safeguarding and reporting requirements.
DFARS Clause 252.204-7008
Clause 252.204-7008, “Compliance with Safeguarding Covered Defense Information Controls”, outlines the clauses and standards to be used to implement security requirements.
NIST Special Publication 800-171
NIST Special Publication 800-171, “Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations” (June 2015 version) provides federal agencies with recommended requirements for protecting the confidentiality of CUI.
National Archives: CUI Registry
Established by Executive Order 13556, the Controlled Unclassified Information (CUI) program standardizes the way the Executive branch handles unclassified information that requires safeguarding or dissemination controls pursuant to and consistent with law, regulations, and Government-wide policies. The CUI Registry is the authoritative source for guidance regarding CUI policies and practices.