Controlled Unclassified Information (CUI) Compliance – Protection of Unclassified Government Information

Duffy Compliance Services (DCS) selected to support Maryland Defense Contractors

Duffy Compliance Services is proud to announce that it has been selected by the Maryland Defense Cybersecurity Assistance Program to provide Defense contractors with more than $57 billion in economic assistance to comply with DFARS and NIST 800-171 Standards for cybersecurity.

If you are a Defense Contractor physically located within Maryland and you provide 10% or more DoD related business or a contract/procurement request for compliance, you may be qualified for the program.

maryland defense cybersecurity

CUI Compliance is no longer a Suggestion

Controlled Unclassified Information or CUI has become more than a suggestion for Federal Contractors.  CUI compliance is mandated for all Federal contractors, as well as non-profits and subcontractors that receive federal funding.  These mandatory Corporate and Organizational requirements are CUI, DFARS or NIST SP 8000-171, Revision 1.

At Duffy Compliance Services, we are deep into the CUI compliance Assessment services our business provides.  We see this increasing as large prime contractors and their subcontractors are inquiring about compliance and indicating that contracts can be removed or eliminated unless compliance is demonstrated.  As an emphasis on cybersecurity increases, we are encountering a larger number of small business subcontractors asking what they can do to ensure compliance.

The fact is that a contractor’s ability to demonstrate compliance when questions are asked about how your organization is protecting CUI will determine your ability to accept or maintain contracts with the Federal Government, whether as a prime or subcontractor.

cctv camera

Your organization’s Security is too important to risk

CUI Compliance

No organization looks forward to an audit.  Ensure your CUI Compliance before you are audited.

The CUI requirements apply to all components of the federal and non-federal information systems and organizations that possess, store or transmit CUI.  If your organization provides protection or security for these areas, the requirement also applies.

Proposal Bids

CUI Compliance means you are able to bid on proposals requiring CUI compliance. Without it, you are unable to even subcontract CUI work.


You get peace of mind knowing that you can pass an audit. More importantly, you are properly protecting controlled information!

Working Plan

You are more aware of your own security posture and have a working plan to keep it protected.

Work with Prime Contractors

More Business Opportunity!
You can work with prime contractors on CUI bids where they can use your services.

Corporate Image

Your clients and employees can see your dedication to protecting your business and its data. This discourages sloppy security practices accross the enterprise.

Win and retain Government Contracts

Without CUI compliance, you are unable to go after government work that you were normally allowed to in the past.

Are your IT Staff Compliance Experts?

Chances are, they are not, Get them the support they need to be sure your data is safe…

CUI Compliance testing - The process

Compliance starts with a Gap Analysis – where you are now with your current policies, platform, infrastructure, operations, and training
We build a plan of actions with milestones (POA&M) to help you fill in the discovered gaps.

  • We test the implementations of the remediation.
  • We train for security awareness.
  • We identify and confirm security roles and responsibilities.


The deliverables are the policies, procedures, tests, and tracking system of the CUI compliance status all bundled in a “compliance package” that an auditor can use to confirm the organization is in compliance with the security controls required by the government to secure CUI data.

Why Choose Duffy Compliance?

We live this stuff! We bring decades of experience in current NIST security controls and understand system security risk and architecture. We have enterprise-level experience that we can tailor to your organization’s platform to build a best of breed solution set unique to your requirements. We have all the background necessary to get you compliance without re-inventing your entire network system.

The reason you need Duffy Compliance Services is to give you the peace of mind to know that your data is safe and secure.  Most of the time, we are called in after a security breach or event.  Don’t be the person that closes the barn door after the cows have left the building!

security personnel
security team
security person

Security Compliance Services from now perform CUI Compliance Assessments and Consultation.  Any prime contractors or subcontractors that utilizes CUI information will need to meet this mandate to continue working with government entities.  Prime contractors will appreciate Duffy Compliance Services (DCS) enterprise management application that will ensure compliance with their subcontractors and supply chain.

Call us today at 301-345-0345 to book your CUI compliance assessment to ensure your compliance before an audit.  A Free 15-minute consultation will help you understand exactly what is needed to avoid problems with noncompliance with these new regulations.  A few minutes now may ensure your ability to continue as a Federal contractor (prime or sub).