Reference materials for federal and SLED evaluation.

Most resources are available on request — distribution stays traceable, and we hand-curate which version goes to whom (controls-mapping documents differ between federal civilian, DoD, and SLED contexts). Public materials are linked inline.

Forwardable takeaways — five public artifacts

Five real downloads — CSV control map, sample syslog events, sample audit-trail export, CDM gap self-assessment, Section 889 detection brief. No email required, no sales contact, designed to forward through your existing email/document workflow.

Go to Takeaways →

Public, on this site

• NDAA Section 889 posture — Detection approach, FAR-clause mapping, deployment posture for federal evaluators.
• Zero Trust Devices pillar — ZTMM 2.0 mapping, OMB M-22-09 evidence shape.
• CDM HWAM gap analysis — Where the existing data feed reaches and where it doesn't, with the integration shape.
• CMMC 2.0 Level 2 controls mapping — CM.L2-3.4.1 and adjacent controls.
• FedRAMP posture — Honest current status (no FedRAMP today), the SOC 2 Type II / ISO 27001 / 27017 / 27018 certifications that do exist, and the customer-installed alternative for FISMA / on-prem / SCIF / air-gapped environments.
• Trust posture — Consolidated certifications, attestations, and where the gaps are.
• Contract vehicles — Carahsoft federal channel routing, Azure Marketplace, ServiceNow Store, SLED cooperative-purchasing paths.
• Procurement evaluation checklist — Vendor-agnostic questions to ask any device-visibility candidate.
• Compare to NAC / SIEM / EDR / CDM — Side-by-side of what each does and where CybrIQ deploys alongside.
• Glossary — Acronyms and frameworks in agency-usage terms.
• FAQ — Direct answers to the questions federal evaluators ask first.

On request

• NIST SP 800-53 Rev. 5 control inheritance matrix. A control-by-control walkthrough for an agency's SSP, showing what CybrIQ supplies and what the agency owns. Tailored to FISMA Moderate or High.
• CMMC 2.0 Level 2 evidence pack. Sample audit-trail exports, evidence shapes, and SSP language for a C3PAO walkthrough.
• Section 889 detection technical brief. The Device DNA fingerprinting approach, false-positive rate by environment, and the relabeling-resistant-identification methodology.
• Reference architecture diagrams. Federal civilian, DoD, and SLED variants. ESE-to-main flow, switch-access topology, NAC and SIEM integration paths.
• Air-gap / SCIF deployment runbook. The full disconnected-environment install path, including signed-package update workflow.
• StateRAMP-aligned procurement summary. For state CIOs evaluating CybrIQ against state procurement standards.
• Independent third-party assessment summary. Available under MNDA.
• SOC 2 Type II report. Available under MNDA. Audit firm and reporting period available on request.

External public references

Federal frameworks referenced across this site, linked to the authoritative source:

• NDAA Section 889 — text via Congress.gov (FY2019 National Defense Authorization Act).
• OMB Memorandum M-22-09 — Federal Zero Trust Strategy (whitehouse.gov).
• CISA Zero Trust Maturity Model 2.0 (cisa.gov/zero-trust-maturity-model).
• NIST SP 800-53 Rev. 5, SP 800-171 Rev. 3, SP 800-137 — published catalogs (csrc.nist.gov).
• FedRAMP Marketplace (marketplace.fedramp.gov).
• CMMC 2.0 final rule and assessment guides (dodcio.defense.gov/cmmc).
• CDM program documentation (cisa.gov/topics/cybersecurity-best-practices/continuous-diagnostics-and-mitigation-cdm-program).