General educational information — not legal advice in any jurisdiction. Read the full disclaimer.

Find My Requirements

Answer a few questions about your organization, contract, and data to get a plain-language summary of your cybersecurity compliance obligations.

Educational estimate only — general guidance, not legal advice or a definitive determination of your obligations.

1Org / Contract
2Where You Operate
3Data
4Company Size
5Industry

What type of contract are you working under?

Select all that apply — many contractors work across multiple vehicles.

How This Tool Works

Each answer narrows a curated set of rules that map contract type, data category, and industry to specific FAR/DFARS clauses, frameworks, and statutes. A rule appears when every one of its conditions either matches your answer or is left open as a wildcard. We sort by priority so the highest-impact obligations show first, and we de-duplicate so the same clause never appears twice.

The rule set is maintained by practitioners and updated when new federal rules are finalized. It is intentionally conservative — when in doubt, we surface the broader baseline rather than guess.

What This Tool Covers

• FAR & DFARS baseline cyber clauses
• NIST SP 800-171 and CMMC 2.0 framework triggers
• Sector statutes (HIPAA, GLBA, FERPA, NERC CIP)
• Incident reporting and FedRAMP touchpoints

Key Definitions

CUIControlled Unclassified Information FCIFederal Contract Information PHIProtected Health Information CMMCCybersecurity Maturity Model Certification DFARSDefense FAR Supplement FARFederal Acquisition Regulation FedRAMPFederal cloud authorization program

Related References

FAR Baseline Cyber Clauses CMMC & NIST Frameworks By Agency Enforcement Actions Compliance Checklists

Get rule updates by email

Subscribe to Breach of Contract for plain-language updates whenever a new rule changes who must comply.

Subscribe Free

Disclaimer

GovConCyber is an educational resource. Nothing on this page is legal advice and no attorney-client relationship is formed by using this tool. Results reflect publicly available rules as of the most recent update and should be confirmed against your specific contract, agency guidance, and qualified counsel before being relied on.

Read the full disclaimer →