1-203-659-7377

• Level 1: No third-party audit required; self-assessment for contractors handling Federal Contract Information (FCI).

​

• Level 2: Protects sensitive but not top-secret data (Controlled Unclassified Information - CUI); aligns with NIST SP 800-171 and requires third-party assessment.

​

• Level 3: Highest defense for critical DoD information; requires compliance with NIST SP 800-171 plus a subset of NIST SP 800-172, assessed by the DCMA Defense Industrial Base Cybersecurity Assessment Center (DIBCAC).