Skip to content

Take Control of
a CUI Incident with This 9-Step Action Plan

For DFARS and CMMC environments, the 72-hour reporting clock starts at discovery of a CUI breach, not confirmation.

This response checklist tells you what to contain, report, and preserve to protect your contracts and maintain your standing with DCSA. 

 

Get Your CUI Incident Response Checklist

For Defense Contractors Who Need Answers, Not More Policy

This checklist is built for the people actually in the room when something goes wrong: FSOs, ISSOs, and operations leads at defense contractors working in DFARS and CMMC environments. It covers every critical step from discovery through closeout, written in plain language and designed to be followed in sequence, in the field, when the clock is already ticking.

Inside you’ll find:

 

What to do in the first 60 minutes
 The immediate containment, evidence preservation, and internal escalation actions that protect your data, your investigation, and your options before anything else changes.
CUI classification and spillage triage
How to determine whether the data qualifies as CUI, whether your organization was authorized to handle it, and whether the incident constitutes a spillage which triggers a different and more urgent response path.
Reporting obligations under DFARS and CMMC
A clear path through the 72-hour DC3 DCISE reporting requirement, Contracting Officer notification, and any subcontractor prime-notification obligations, with guidance on how to report before you have complete information.
How to close out without leaving exposure behind
The remediation, documentation, and POA&M updates that demonstrate to DCSA, auditors, and prime contractors that your response was thorough, timely, and defensible.
CUI Checklist -image

Built by ISI's DFARS and CMMC Specialists

ISI was one of the first MSPs to achieve CMMC Level 2 certification in early 2025. Our team of CCAs, CCPs, and 50+ certified FSOs is the largest dedicated industrial security team in the Defense Industrial Base, supporting over 900 defense contractors with their security and compliance programs.

This checklist comes directly from the playbook our team uses when clients call us mid-incident: refined, simplified, and built to be used by your people, in your environment, the moment something goes wrong.

Hear What Our Customers Have to Say

ISI has provided expert assistance in CMMC and NIST 800-171 compliance as we transitioned from a startup to a small business, enhancing our security without stretching our budget.

Eleanor Francen CEO at EMD

Their expertise in CMMC and NIST 800-171 coupled with personalized support during the DCSA audit process makes them an indispensable ally.

Thomas Walsh III President of Valiant Harbor

Be Ready Before a CUI Incident Happens

When a CUI incident happens, having the right response plan is the difference between a manageable situation and a compliance crisis.

Download the checklist, share it with the people who need it, and be ready before the clock starts.