Thanks for your interest in contributing!
- One resource per pull request. This makes review easier.
- Verify the link works before submitting. No broken URLs.
- Add resources to the correct section and maintain alphabetical order within sections.
- Use the format:
[Resource Name](URL) - Brief description ending with a period. - No affiliate links or tracking parameters.
- Commercial tools are welcome but must be clearly relevant to CMMC/800-171 compliance.
- Open source tools should include the license in the description when possible.
Resources should be directly relevant to:
- CMMC (any level)
- NIST SP 800-171 / 800-171A / 800-172
- CUI protection for defense contractors
- DFARS cybersecurity clauses
- Assessment preparation and evidence collection
- Fork the repository
- Add your resource to the appropriate section in
README.md - Ensure your addition maintains alphabetical order
- Submit a pull request with a brief explanation of why the resource is valuable
- No paywalled resources without noting the cost
- No outdated content (pre-CMMC 2.0 resources should be clearly marked if included)
- Training providers must be actively operating
- Tools must be maintained (last commit within 12 months for open source)
Open an issue if you're not sure where something fits.