A Quick Primer on DoD Cybersecurity Standards

A few acronyms you should expect to see

Josh Zweig

September 7, 2023

Intro

The US government is raising the cybersecurity bar for its contractors, especially those contracting with the Department of Defense (DoD).

At the same time, many software companies without roots in government contracting, and not steeped in the associated alphabet soup, now have to contend with these standards.

This post is a first primer on the common acronyms you'll see, what they mean, and how they relate. We won't touch on the considerable depth of each; the goal is a point of first contact with these concepts.

Acronyms and Standards

NIST SP 800-171

This is a list of cybersecurity controls (NIST calls them security requirements). Think of things like limiting system access to authorized users, or monitoring and controlling remote access sessions. It's a long list: Revision 2 contains 110 requirements grouped into 14 families.

NIST SP 800-171 tells us what protections and procedures we need to implement. It is designed to set the minimum security baseline for nonfederal organizations and systems that store, process, or transmit Controlled Unclassified Information (CUI). If you're doing business with the Department of Defense and handle CUI, you need to care about it: the DFARS clause 252.204-7012 in DoD contracts requires it.

The good news is that NIST SP 800-171 provides a single list of requirements to implement. The condensed list starts on page 74 of the publication here: https://csrc.nist.gov/pubs/sp/800/171/r2/upd1/final.

CMMC

The Cybersecurity Maturity Model Certification (CMMC) is the DoD's program for verifying that contractors actually implement those NIST SP 800-171 requirements. For most contractors it adds no new protections: CMMC is NIST SP 800-171 paired with an assessment. The three levels differ in how much of the list applies and in who does the assessing:

  1. Level 1: An annual self-assessment against a small subset of SP 800-171 requirements (the basic safeguarding requirements of FAR 52.204-21), for contractors that handle only Federal Contract Information (FCI), not CUI
  2. Level 2: All 110 SP 800-171 requirements, assessed by a C3PAO (a CMMC Third-Party Assessment Organization, a vendor accredited by the Cyber AB, the accreditation body authorized by the DoD); some Level 2 contracts allow a self-assessment instead
  3. Level 3: All of SP 800-171 plus a subset of the enhanced requirements in NIST SP 800-172, assessed by the government's own assessors (DIBCAC)

Note that a Level 3 requirement only applies to a small number of contractors handling the most sensitive CUI; if you're new to this space, Level 2 is almost certainly the target.

Concluding

Above, we briefly explained two common cybersecurity acronyms you should expect to run into quickly if you want to work with the Department of Defense. To be sure, there are many more, including DFARS, ITAR, and the like. NIST SP 800-171 sits at the center of all of them. It's a long list, but implementing NIST SP 800-171 is the right place to start.
