The Free Cybersecurity Law Reference for Government Contractors

Your plain-language map to the national procurement cybersecurity ecosystem.

We don't just tell you which standards apply. We show you the requirements inside them — in full text, plain English, and with examples.

Find My Requirements Explore the Reference Library ↓

FAR Baseline CMMC / NIST By Agency State Requirements By Industry Enforcement

Start here: the baseline you already owe

Before any FAR or DFARS clause applies, federal and state law already requires your business to secure data and report breaches — the FTC Act, all-50-state breach laws, and rules like GLBA and HIPAA. The contractor requirements build on top of that legal baseline. Make sure you meet it first.

See the legal baseline →

Recent Developments

No recent developments yet — check back soon.

View all updates →

Not Sure Where to Start?

GovConCyber is a free legal reference — not a law firm. We cover the federal cybersecurity rules that apply to government contractors: what they require, who they apply to, and what you need to do. Start here if you're new to the site.

Find My Requirements

Answer a few questions about your contract type and data to get a plain-language summary of your obligations.

Get started →

New to Cyber Compliance?

Start with the fundamentals: what the key frameworks are, why they exist, and how they affect your contracts.

Read the basics →

Look Up a Term

Plain-language definitions for CUI, CMMC, DFARS, FedRAMP, and many other key terms.

Browse the glossary →

Browse the Reference Library

Federal Requirements

FAR, DFARS, frameworks, and agency-specific rules

State Requirements

State-level cyber laws affecting government contractors

Industries

Sector-specific obligations: defense, healthcare, finance, and more

Compliance Tools

Checklists, templates, and program-building guides

Enforcement

Actions, penalties, and False Claims Act case law

Learn

Cybersecurity 101 and a plain-language glossary

About GovConCyber

GovConCyber is a free, independent legal reference for government contractors. We translate complex federal cybersecurity requirements into plain English — without the billable hour. Content is reviewed for accuracy against the underlying statutes, regulations, and official guidance, and updated periodically as those rules evolve.

Learn more about this site →

Free to Use

No paywalls, no subscriptions, no ads.

Sourced to Primary Law

Every factual claim is cited to the underlying statute, regulation, or official agency document.

Updated Periodically

Pages are reviewed for accuracy and carry a visible 'Last reviewed' date — see the date on each page.