This document summarizes information about CUI (Controlled Unclassified Information) and DFARS (Defense Federal Acquisition Regulation Supplement) compliance requirements. It notes that CUI and DFARS compliance is mandated by December 2017 or within 30 days of contract award. It defines CUI and DFARS, outlines 14 security control families required by CUI, and discusses implications of non-compliance including liability risks. Common mistakes made in compliance are also listed, such as not accounting for non-cyber aspects, using a checklist approach, and not involving leadership. Contact information is provided for questions.