DFARS 252.204-7012

“The covered contractor information system shall be subject to the security requirements in National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171, ‘Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations’ in effect at the time the solicitation is issued or as authorized by the Contracting Officer.”

DFARS 252-204.7019

“The new DFARS provision 252.204-7019 advises offerors required to implement the NIST SP 800171 standards of the requirement to have a current (not older than three years) NIST SP 800-171 DoD Assessment on record in order to be considered for award.”

DFARS 252-204.7020

“The new DFARS clause 252.204-7020 requires a contractor to provide the government with access to its facilities, systems, and personnel when it is necessary for DoD to conduct or renew a higher level assessment.”

DFARS 252-204.7021

“A new DFARS clause 252.204-7021, Cybersecurity Maturity Model Certification Requirements, is prescribed for use in all solicitations and contracts or task orders or delivery orders, excluding those exclusively for the acquisition of COTS items. This DFARS clause requires a contractor to: Maintain the requisite CMMC level for the duration of the contract; ensure that its subcontractors also have the appropriate CMMC level prior to awarding a subcontract or other contractual instruments; and include the requirements of the clause in all subcontracts or other contractual instruments.”

InterSec offers CMMC Audit Readiness Services

• Ground up CMMC compliance

• Maturing from one CMMC level to the next

• Gap analysis

• Validated Assessment

• Advisory Services

• Professional Services

• Audit ready artifacts

• Audit Support

• Managed Security Services for ongoing CMMC compliance

Time is running out on CMMC compliance. We can help you jumpstart your CMMC journey. Please get in touch with us today at inquiries

Keith M.

Security Blogger at InterSec,Inc.


[category cybersecurity, compliance, cmmc]