DFARS regulations are here:
https://csrc.nist.gov/publications/detail/sp/800-171/rev-1/final
With the PDF being here:
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171r1.pdf
With the NIST SP 800-53 database here:
https://nvd.nist.gov/800-53
The STIGS are here:
https://iase.disa.mil
DISA is here:
https://www.disa.mil/Cybersecurity
Although the use of the principles and guidelines in these SRGs/STIGs provide an environment that contributes to the security requirements of DoD systems, applicable NIST SP 800-53 cybersecurity controls need to be applied to all systems and architectures based on the Committee on National Security Systems (CNSS) Instruction (CNSSI) 1253.
Typically, questions revolve around the following:
NIST SP 800-171
FAR 52.204-21: http://farsite.hill.af.mil/reghtml/regs/far2afmcfars/fardfars/far/52_000.htm#P901_130612
DFARS 252.204-7012: http://farsite.hill.af.mil/reghtml/regs/far2afmcfars/fardfars/dfars/dfars252_000.htm#P962_54607
Depending on the industry and scoping, it is necessary that we comply with the following:
FAR 52.204-21 (federal level)
NIST SP 800-171 (national level)
NIST SP 800-53 (national level)
DFARS 252.204-7012 (defense level)
ISO/IEC 27001 (international level)
NAS 9933 (aerospace industry)
GDPR (European level)
Policy Templates are found on: https://www.sans.org/security-resources/policies
Nonprofit group membership is found on: https://classmgmt.com