CMMC: What are FCI, CUI, CTI, DCI, FAR, DFARS and FedRAMP?

Here are the key terms you need to master if you need to comply with CMMC or NIST 800-171:

👉 DoD (Department of Defense): the U.S. Department of Defense. 

👉 FCI (Federal Contract Information): information on U.S. federal contracts (the bidding documents and their contents).

👉 CUI (Controlled Unclassified Information): for example, diagrams or drawings of parts used on US military equipment. Encryption of this data is mandatory.

👉 DCI (Defense Controlled Information): CUI belonging exclusively to DoD (or that you create exclusively for DoD). 

👉 CTI (Controlled Technical Information): category of DCI that concerns technical drawings owned by DoD. CTI falls within the CUI category.

👉 FAR 52.204-21: basic cybersecurity requirements to protect FCI-type data.

👉 DoD-CIO-00002: requirements for CMMC Level 1 evaluation.

👉 DFARS 252.204-7012: security requirements for protecting DoD-owned CUI (or CUI you create for DoD).

👉 FedRAMP: mandatory security certification for Cloud providers who want to be able to store US government data.

And finally, if you're a DoD contractor or subcontractor:

👉 Comply with FAR 52.204-21 = obtain CMMC Level 1 certification.

👉 Comply with DFARS 252.204-7012 = obtain CMMC Level 2 certification.

👉 Comply with NIST 800-171 = obtain CMMC Level 2 certification.

👉 If you want to store your CUI in the Cloud, make sure your Cloud provider is FedRAMP certified.


