This document discusses cybersecurity compliance requirements for government contractors. It outlines the FAR and DFARS rules regarding protecting controlled unclassified information. It also summarizes the NIST SP 800-171 requirements for protecting controlled unclassified information in non-federal systems. The document provides guidance on assessing systems and data, developing plans and policies, and strategies for achieving compliance. Non-compliance can result in financial penalties like not getting paid, contract termination, and damage to reputation.