№ lp_1_2_56921
File format: docx Character count: 20327 File size: 62 KB
Outline and guidance document detailing the structure, lifecycle management, and implementation expectations of cybersecurity strategies for defense acquisition systems, including planning, testing, authorization, and sustainment activities.
Year: 2021
Organization: Department of Defense
Department: Chief Information Officer
Document Type: Guidance/Strategy Outline
Topic: Cybersecurity
Version: 1.4
Audience: Program Offices, System Owners, Authorizing Officials
Legal References: Clinger-Cohen Act (40 U.S.C. Subtitle III), NDAA 2001 §811, DoDI 5000.02
Related Documents: DoDI 8500.01, DoDI 8510.01, DoDI 8580.01, DoDI 8330.01, DoDI 8530.01, DoDI 5200.44, NIST SP 800-53 Rev. 4, NIST SP 800-82 Rev. 2, NIST SP 800-160 Vol. 1 & 2, NIST SP 800-161
Price: 8 / 10 USD
The file will be delivered to the email address provided at checkout within 12 hours.

Don’t have cryptocurrency yet?

You can still complete your purchase in a few minutes:
  1. Buy Crypto in a trusted app (Coinbase, Kraken, Cash App or any similar service).
  2. In the app, tap Send.
  3. Select network, paste our wallet address.
  4. Send the exact amount shown above.
After sending, paste your TXID (transaction ID) and your email to receive the download link. Need help? Contact support and we’ll guide you step by step.

The final amount may vary slightly depending on the payment method.
The file will be sent to the email address provided at checkout within 24 hours.
The product description is provided for reference. Actual content and formatting may differ slightly.
CMMC V2 Level 1 System Security Plan for Federal Contract Information and Controlled Unclassified Information
Year: Not specified
Organization: University of Washington
Document Type: System Security Plan
Audience: Internal staff handling FCI and CUI
Scope: Federal Contract Information (FCI) and Controlled Unclassified Information (CUI)
Sections Included: Environment Profile, Environment and Assets, Access Control Practices
Technical Controls: ASTRA Access Management, Active Directory, Azure AD, Husky OnNet VPN, DUO 2-Factor Authentication, Kerberos, LDAP, UW Groups, UW NetID, Web SSO
Procedures: User access management, device approval, external connection controls, public information control
DoD Policy Memorandum: Encryption of Sensitive Unclassified Data at Rest on Mobile Computing Devices and Removable Storage Media
Year: 2007
Region / city: United States
Subject: Encryption of unclassified data at rest
Document Type: Policy Memorandum
Organization: Department of Defense
Author: Not specified
Target audience: DoD personnel, contractors, and other related stakeholders
Period of validity: Ongoing
Approval date: July 3, 2007
Amendment date: Not specified
Unclassified Foreign National Visits & Assignments Questionnaire
Year: 2023
Region / City: United States
Topic: Immigration, Security, International Visitors
Document Type: Questionnaire
Organization / Institution: U.S. Department of Energy
Author: U.S. Department of Energy
Target Audience: Foreign nationals visiting or assigned to the Department of Energy
Period of validity: Not specified
Approval Date: Not specified
Amendment Date: Not specified
Minimum Requirements and Safeguards for Controlled Unclassified Information (CUI) in DoD Contracts
Year: 2012
Country: United States
Subject: Information security
Document type: Policy and requirements specification
Issuing organization: Department of Defense
Information designation: Controlled Unclassified Information (CUI), For Official Use Only (FOUO)
Applicable regulations: Executive Order 13526; Privacy Act of 1974; DoD 5200.01 Vol. 4; DoD 8582.01
Affected parties: DoD contractors, grantees, and non-DoD entities
Scope: Unclassified DoD information on non-DoD information systems
Security domains: Access control, encryption, transmission, storage, dissemination
Effective date: February 24, 2012
Application for a certificate in relation to an Unclassified Fund
Year: 2018
Region / City: Jersey
Subject: Data Protection
Document Type: Application Form
Organization / Institution: Jersey Financial Services Commission
Author: Jersey Financial Services Commission
Target Audience: Fund applicants, financial services professionals
Period of Validity: Not specified
Approval Date: Not specified
Date of Changes: Not specified
Additional Guidelines for Controlled Unclassified Information
Document Type: Policy Guidance
Subject: Controlled Unclassified Information (CUI)
Issuing Authority: U.S. Government
Applicable Regulation: Army Regulation (AR) 25-55
Related Regulation: DFARS 252.204-7012
Related Standard: AR 25-2
Related Instruction: BBP 03-PE-O-0003 Army Information Assurance Sanitization of Media
Applicable Designations: For Official Use Only (FOUO)
Scope: Technical Data and Government Information
Applicability: DoD Personnel and DoD Contractors
Access Requirement: Need-to-Know Basis
Security Oversight: Government Security Manager
Reporting Requirement: Loss or Compromise within 72 Hours
Distribution Control: Applicable Distribution Statement Required
Digital Transmission Requirement: NIST/NIAP-Approved Cryptographic Products
Clause FARReference FARDate DFARReference DFARDate Applicability Parts Manufacturing Approval (PMA) 14 CFR 21.303 includes FAA Order 8110.42 and 14 CFR Part 21, Subpart K Airworthiness Directives 14 CFR 39.13 including FAA Order 8110.4 Defense Priorities and Allocations System (DPAS) 15 CFR 700 Regulations for Rated Orders Definitions 52.202-1 Jan 2012 All Orders Gratuities 52.203-3 April 1984 All Orders Covenant Against Contingent Fees 52.203-5 April 1984 All Orders Restrictions on SubcontractorSales to USG 52.203-6 May 2014 SA Anti-Kickback Procedures 52.203-7 May 2014 Applies if Order Exceeds $150,000 Cancellation, Rescission, and Recovery of Funds for Illegal or Improper Activity 52.203-8 May 2014 All Orders Price or Fee Adjustment for Illegal or Improper Activity 52.203-10 May 2014 All Orders Certification and Disclosure Re: payments to Influence Certain Federal Transactions 52.203-11 Sept 2007 Applies in accordance with FAR 3.808 and if order exceeds $150,000 Limitation on Payments to Influence Certain Federal Transactions 52.203-12 Oct 2010 Applies if Order Exceeds $150,000 Contractor Code of Business Ethics & Conduct 52.203-13 Oct 2015 Applies if Oder exceeds $5,500,000 & has a period of performance greater than 120 days Display of Hotline Posters 52.203-14 Dec 2007 Applies if Order Exceeds $5,500,000 but does not apply to Orders for commercial items or ifthe Order is performed entirely oversees Whistleblower Protections Under the American Recovery & Reinvestment Act 52.203-15 June 2010 Applies if Order is funded with ARRA funds Contractor Employee Whistleblower Rights & Requirement to Inform Employees of WhistleblowerRights 52.203-17 Apr 2014 Applies to all orders over the Simplified Acquisition threshold Prohibition on Requiring Certain Internal Confidentiality Agreements or Statements 52.203-19 Jan 2017 Requirements Relating to Compensation of Former DoD Officials 252.203-7000 Sept 2011 All Orders Prohibition on Persons Convicted of Fraud or OtherDefense Contract-Related Felonies 252.203-7001 Dec 2008 SA Requirements to Inform Employees of Whistleblower Rights 252.203-7002 Sept 2013 All Orders Agency Office of the Inspector General 252.203-7003 Aug 2019 Applies if FAR 52.203-13 applies Display of Hotline Posters 252.203-7004 Jan 2015 Applies in accordance with subparagraph (e) of the clause Security Requirements 52.204-2 Aug 1996 Applies if Order involves access to classified information Disclosure of Information 252.204-7000 Aug 2013 All Orders Export Controlled Items 252.204-7008 Oct 2016 All Orders Limitations on the Use and Disclosure of Third Party Contractor Reported Cyber Incident Information 252.204-7009 Oct 2016 Applies if Order involves services that include support for the Government’s activities related to safeguarding covered defense information and cyber incident reporting. Safeguarding Unclassified Controlled Technical Info. 252.204-7012 Dec 2015 All Orders. Seller shall provide Buyer copies of notices provided to the Contracting Officer at the time such notices are sent. Seller shall also provide copies to Buyer copies of reports Seller receives from its lower tier subcontractors Notice of Authorized Disclosure of Information for Litigation Support 252.204-7015 May 2016 Prohibition on Acquisition of Covered Defense Telecommunications Equipment or Services 252.204-7018 Dec 2019 Copies of reports provided by Seller shall be provided to Buyer Notice of NIST 800-171 DoD Assessment Requirements 252.204-7019 Nov 2020 Assessing Contractor Implementation of Cybersecurity Requirements 252.204-7020 Sept 2020 As Applicable Cybersecurity Maturity Model Certification Requirements 252.204.7021 Nov 2020 Printed or Copied Double-Sided on Recycled Paper 52.204-4 Aug 2000 As applicable Personal Identity Verification of Contractor Personnel 52.204-9 Jan 2011 Applies in accordance with (b) of the clause System for Award Management 52.204-7 Oct. 2016 As applicable Reporting Executive Compensation & First-Tier Subcontract Awards 52.204-10 Oct 2015 As applicable Economic Purchase Quality – Supplier 52.207-4 Aug 1987 All Orders Basic Safeguarding of Covered Contractor Information Systems 52.204-21 June 2016 As applicable Prohibition on Contracting for Hardware, Softwarae, and Services Developed or Provided by Kaspersky Lab and Other Covered Entities 52.204-23 July 2018 Seller shall provide Buyer copies of any reports under this clause which relate to the performance of this Order Representation Regarding Certain Telecommunications and Video Surveillance Services or Equipment 52.204-24 Nov 2020 Prohibition on Contracting for Certain Telecommunications and Video Surveillance Services or Equipment 52.204-25 Dec 2019 Note 4 applies in paragraph b; Reports required will be made to the Buyer Intent to Furnish Precious Metals as Government FurnishedMaterial 252.208-7000 All Orders Certification Regarding Debarment, Suspension, Proposed Debarment, and Other Responsibility Matter 52.209-5 Aug 2020 Protecting he Government’s Interest when Subcontracting with Contractors Debarred, Suspended or Proposed forDebarment 52.209-6 Oct 2015 Applies in accordance with paragraph (e) of the clause Subcontracting with Firms that are Owned or Controlled by the Government of a Terrorist County 252.209-7004 Material Requirements 52.211-5 Aug 2000 All Orders Defense Priority & Allocation Requirements 52.211-15 Apr 2008 Applies if priority rating is noted on this Order Acquisition Streamlining 252.211-7000 Oct 2010 Applies if Order exceeds $1.5M Item Identification & Valuation 252.211-7003 Dec 2013 All Orders Contract Terms & Conditions Required to Implement Statutes or Executive Orders Commercial Items (CI) 52.212-5 Apr 2015 CI Contract Terms & Conditions Required to Implement Statutes or Executive Orders – Commercial Items 52.212-5 Oct 2020 Contract Terms & Conditions Required to Implement Statutes or Executive Orders Applicable to Defense Acquisitions of Commercial Items 252.212-7001 June 2012 Audit & Records – Sealed Bidding 52.214-26 Oct 2010 Applies when cost or pricing data required Price Reduction for Defective Cost or Pricing Date – Modifications – Sealed Bidding 52.214-27 Aug 2011 Applies when cost or pricing data required Subcontractor Cost or Pricing Data – Modifications – Sealed Bidding Audits & Records –Negotiation 52.214-28 Oct 2010 Applies when cost or pricing data required Audits & Records – Negotiation 52.215-2 Oct 2010 Price Reduction for Defective Cost or Pricing Data 52.215-10 Aug 2011 Applies when cost or pricing data required Price Reduction for Defective Cost or Pricing Data – Modifications 52.215-11 Aug 2011 Applies when cost or pricing data are required Subcontracting Cost or Pricing Data 52.215-12 Oct 2010 Applies when cost or pricing data are required Subcontracting Cost or Pricing Data – Modifications 52.215-13 Oct 2010 Applies when cost or pricing data are required Integrity of Unit Prices 52.215-14 Oct 2010 Applies in accordance with paragraph (c) of the clause Pension Adjustments & Asset Reversions 52.215-15 Oct 2010 Applies in accordance with FAR 15.408(g) Facilities Capital Cost of Money 52.215-16 June 2003 Applies to cost-type Orders Waiver of Facilities Ca
Note: en
HACS Statement of Work (SOW) Template for Cybersecurity Services
Year: 2024
Region / City: United States
Topic: Cybersecurity, Incident Response
Document Type: Template
Organization / Institution: HACS
Author: HACS
Target Audience: Contractors, Agencies
Validity Period: Ongoing
Approval Date: Not specified
Date of Changes: Not specified
Drinking Water Program Public Water Supply Cybersecurity Incident Response Plan Template
Year: 2021
Region / City: Massachusetts
Topic: Cybersecurity, Public Water Supply
Document Type: Template
Organization / Institution: Massachusetts Department of Environmental Protection (MassDEP)
Author: Andrew Hildick-Smith
Target Audience: Public water and wastewater utilities
Effective Period: Ongoing
Approval Date: 2021
Date of Last Update: N/A
Principles and Practices for Software Bill of Materials for Medical Device Cybersecurity (Draft, June 2022)
Year: 2022
Month: June
Document status: Draft
Document identifier: IMDRF/CYBER WG/N73DRAFT:2022
Topic: Medical device cybersecurity
Subject: Software Bill of Materials (SBOM)
Document type: Regulatory guidance
Authoring group: Medical Device Cybersecurity Working Group
Organization: International Medical Device Regulators Forum
Intended stakeholders: Medical device manufacturers; healthcare providers; regulators; software vendors
Scope: Medical devices including software-based and in vitro diagnostic devices
Related documents: IMDRF/CYBER WG/N60FINAL:2020
Copyright holder: International Medical Device Regulators Forum
Cybersecurity Best Practices for the Safety of Modern Vehicles
Year: 2021
Region / city: Washington, D.C.
Topic: Cybersecurity, Automotive Recycling, Vehicle Repair
Document Type: Letter
Organization: National Highway Traffic Safety Administration (NHTSA)
Author: Sandy Blalock, Executive Director
Target Audience: National Highway Traffic Safety Administration (NHTSA), Automotive Manufacturers
Period of validity: Not specified
Approval date: Not specified
Date of amendments: Not specified
NICE Cybersecurity Workforce Framework in Focus – Gregory Bird
Year: 2023
Region / City: United States
Theme: Cybersecurity, Workforce Development
Document Type: Interview
Organization: U.S. Department of Homeland Security (DHS)
Author: Gregory Bird
Target Audience: Cybersecurity professionals, Human Resources in cybersecurity
Period of Action: Ongoing
Approval Date: Not provided
Date of Changes: Not provided
Federal Cybersecurity Coding Structure
Year: 2017
Region / city: Federal Government
Topic: Cybersecurity, Information Technology
Document type: Policy Document
Agency / organization: Office of Personnel Management (OPM)
Author: Office of Personnel Management (OPM)
Target audience: Federal agencies, cybersecurity professionals
Period of validity: Not specified
Approval date: Not specified
Date of amendments: Not specified
DARS Information Security Cybersecurity Training Platform Access Instructions
Year: 2026
Region / City: N/A
Subject: Cybersecurity Training
Document Type: Instructional Guide
Organization / Institution: DARS
Author: N/A
Target Audience: Employees of DARS
Action Period: N/A
Approval Date: N/A
Date of Changes: N/A
Centralized Cybersecurity Event Notification Portal Project – Proposal and Implementation Plan 2025
Year: 2025
Organization: NAIC (National Association of Insurance Commissioners)
Project Sponsor: Miguel Romero
Prepared by: Koty Henry
Target Audience: State insurance regulators and licensed insurers
Type of Document: Project Proposal / Implementation Plan
Relevant Legislation: Insurance Data Security Model Law #668 (MDL #668)
Related Policy: Cybersecurity Event Response Plan (CERP), March 17, 2024
Submission Date: 05/26/2025
Key Resources: NAIC technical and cybersecurity teams, regulatory/legal input, business analysts, project managers, training/support staff, infrastructure (servers/cloud services)
Implementation Steps: Portal development, testing, deployment, and state utilization survey
Goals: Centralized reporting of cybersecurity events, improved regulatory compliance, data security, and cross-jurisdiction coordination
Risks/Challenges: State-specific variations, adoption rate, confidentiality and security validation
Existing Alternatives: Appian platform or other configurable platforms
Financial Advisor Cybersecurity Resource
Note: Year
Topic: Cybersecurity
Document Type: Template
Organization: Harbour Investments, Inc.
Target Audience: Financial advisors, cybersecurity professionals
Extended RFP Template for Cybersecurity Maturity Model Certification (CMMC) Compliance
Year: 2026
Region / City: United States
Topic: Cybersecurity, Compliance
Document Type: Request for Proposal
Agency / Institution: U.S. Department of Defense
Author: Unspecified
Target Audience: Organizations handling Controlled Unclassified Information (CUI)
Period of Application: Ongoing
Approval Date: Unspecified
Modification Date: Unspecified
Statement of Work (SOW) for Cybersecurity Services under HACS Special Item Number (SIN)
Year: 2014
Region/City: United States
Topic: Cybersecurity
Document Type: Statement of Work (SOW)
Organization: Federal Government, Department of Defense (DoD), Intelligence Community (IC)
Author: Not specified
Target Audience: Federal agencies, Contractors
Period of Effectiveness: Not specified
Approval Date: Not specified
Date of Changes: Not specified
READ FIRSTThe HACS SOW templates (found on the HACS website) provide example information for a variety of cybersecurity services that can be purchased through the HACS Special Item Number (SIN). These templates begin with “Section 3.0 STATEMENT OF WORK” and continue through all of “Section 4.0 DELIVERABLES, INSPECTION, AND ACCEPTANCE.” These sections provide typical language for a cybersecurity solicitation, and provide examples of specific activities and deliverables associated with HVA Assessment services. This template aligns with the HACS Request for Quote (RFQ) Template, and material from this and other SOW examples can be copied and pasted directly into Sections 3.0 and 4.0 of the RFQ template to make your experience easier and more efficient. These templates provide prompts for agencies to input their specific information in . While these templates provide information on cybersecurity services, agencies should make sure that solicitations contain the specific requirements of their organization. (SAMPLE RFQ LANGUAGE IS IN RED)[DISCLAIMER: The language contained herein is just a sample of what can be used. There is no requirement or expectation that agencies use the same language in RFQs.]
Year: 2023
Region / City: USA
Topic: Cybersecurity Services, Risk Assessment, Vulnerability Testing
Document Type: Template
Agency/Institution: HACS
Author: HACS
Target Audience: Federal Agencies, Contractors
Period of Action: N/A
Approval Date: N/A
Modification Date: N/A
Request for Quote (RFQ) for Highly Adaptive Cybersecurity Services under GSA MAS IT 54151HACS
Note: RFQ Number
Issued to: Contractors under GSA Multiple Award Schedule (MAS IT)
Type of Document: Federal solicitation / request for quote
Services: Highly Adaptive Cybersecurity Services (HACS)
Applicable Regulations: Federal Acquisition Regulation (FAR) 8.4
NAICS Code: [Not specified]
PSC Code: [Not specified]
Performance Location: [Primary work location specified in RFQ]
Period of Performance: Base period with option periods from date of award
Overtime Policy: Approved only by Contracting Officer’s Representative (COR)
Holidays Observed: Federal holidays and additional days designated by statute, executive order, or proclamation
Submission Requirements: Signed cover letter by authorized company negotiator
Topics: Unclassified Cybersecurity Outline