In 2020, the U.S. Department of Defense (DoD) implemented a cybersecurity assessment requirement that requires contractors to have assessments of their compliance with the security requirements contained in NIST SP 800-171 and to submit a report on that assessment. DoD has stepped up the verification requirement with its Cybersecurity Maturity Model Certification (CMMC) program. Both of these efforts at requiring contractors to asses and certify their compliance with NIST SP 800-171 were driven, in part, by DoD's conclusion that contractors were not consistently implementing the existing cybersecurity safeguards. However, noncompliance on the part of government contractors, particularly small businesses, may stem, in part, from a misunderstanding of the wide net cast by existing safeguarding regulations. So in this webinar, Mark Amadeo briefly provides an overview of cybersecurity rules under FAR and DFARS that apply to unclassified information.