Start with the basics
Plain-English explanations of contractor information protection, sensitive information, and customer security language.
Plain-English contractor information security
Contractor Information Protection Explained
A practical educational site for small contractors and suppliers who need to understand sensitive work information, CMMC, NIST, FCI, CUI, Canadian contractor security language, IT-provider conversations, and customer cybersecurity questionnaires.
U.S. contractor terms
CMMC, FCI, CUI, NIST SP 800-171, SPRS, and assessment language explained carefully.
Canadian contractor terms
CPCSC, ITSP.10.171, Contract Security Program, protected information, and controlled goods boundaries.
Use worksheets
Map information, access, storage locations, IT-provider questions, and questionnaire preparation.
Built for small suppliers
Designed for owners, office managers, operations people, and non-specialists
Many small businesses first encounter contractor information protection through a customer email, bid package, onboarding form, supplier portal, insurance renewal, or prime-contractor request. The language can sound technical and legal at the same time. This site breaks the terms into practical questions: what information do you handle, where does it live, who can access it, what evidence supports your answers, and when should you pause for qualified help?
The focus is information protection for contractors and suppliers. It is not a site about personal security clearances, background-check applications, security guard jobs, private security careers, or tactical cybersecurity work. This site is built from public, unclassified information. It is intended as an unclassified public educational site, not as official government guidance, legal advice, cybersecurity consulting, or compliance certification support.
Topic areas
Topic hub
Basics
Start here for plain-English explanations of contractor information protection, customer security language, and why small suppliers hear about CMMC, NIST, and related requirements.
Topic hub
U.S. Contractor Information Protection
Plain-English introductions to U.S. defence-contractor information-protection terms such as CMMC, FCI, CUI, NIST SP 800-171, and SPRS.
Topic hub
Canadian Contractor Information Protection
Canadian contractor-security and cyber-certification language for suppliers that need to understand CPCSC, the Contract Security Program, protected information, and controlled goods at a high level.
Topic hub
Sensitive Information
Practical explanations of sensitive work information, access control, CUI, FCI, logs, and everyday handling risks in small shops and offices.
Topic hub
Plans & Documentation
Plain-English guides to SSPs, POA&Ms, incident response, SPRS references, and documentation habits that support clearer security conversations.
Topic hub
Working With IT Providers
Questions and preparation guides for discussing contractor information protection with IT providers, managed service providers, and customer security teams.
Topic hub
Checklists & Worksheets
Printable-style worksheets and checklists to help small contractors map information, access, storage locations, IT questions, and questionnaire preparation.
Source-grounded, but not official guidance
Pages link to official sources such as the CMMC program pages, NIST publications, the NARA CUI Registry, Acquisition.gov FAR/DFARS clauses, Cyber AB ecosystem-role pages, and Canada.ca contractor-security program pages. Official sources should always control over this educational summary.