August 2021

NIST SP 800–171 DoD Assessment Methodology

DFARS clause 252.204–7012, Safeguarding Covered Defense Information and Cyber Incident Reporting, is included in all solicitations and contracts, including those using Federal Acquisition Regulation (FAR) part 12 commercial item procedures, except for acquisitions solely for commercially available off-the-shelf (COTS) items. The clause requires contractors to apply the security requirements of NIST SP 800–171 to “covered contractor information systems,” as defined in the clause, that are not part of an IT service or system operated on behalf of the Government.

The NIST SP 800–171 DoD Assessment Methodology provides for the assessment of a contractor’s implementation of NIST SP 800–171 security requirements, as required by DFARS clause 252.204–7012. The Assessment uses a standard scoring methodology, which reflects the net effect of NIST SP 800–171 security requirements not yet implemented by a contractor, and three assessment levels (Basic, Medium, and High), which reflect the depth of the assessment performed and the associated level of confidence in the score resulting from the assessment. A Basic Assessment is a self-assessment completed by the contractor, while Medium or High Assessments are completed by the Government. The Assessments are completed for each covered contractor information system that is relevant to the offer, contract, task order, or delivery order.

The results of Assessments are documented in the Supplier Performance Risk System (SPRS) at https://www.sprs.csd.disa.mil/ to provide DoD Components with visibility into the scores of Assessments already completed; and verify that an offeror has a current (i.e., not more than three years old, unless a lesser time is specified in the solicitation) Assessment, at any level, on record prior to contract award.

More information on the NIST SP 800–171 DoD Assessment Methodology is available at https://www.acq.osd.mil/dpap/pdi/cyber/strategically_assessing_contractor_implementation_of_NIST_SP_800-171.html.

SERVICES

We will perform a pre-CMMC review to help you prepare for your CMMC at levels 1-3. This includes setting up your NIST 800-171 score and starting you on your way to completing your SSP and POAM. Our goal is to make you as self-sufficient as you want. GJB and Associates provides multiple packages for these services. For more information, please email sales@gjbandassociates.com.


Securing the Nation

GJB and Associates has many years of experience providing IT project services to businesses. Our partners are certified in all the major technologies and can assist organizations in selecting and implementing the appropriate IT solutions. By partnering with GJB and Associates, an organization can tap economies of scale and leverage purchasing power while increasing productivity through smart technology use. At GJB and Associates, our goal is to provide solutions in different markets that help companies become more innovative, agile, and secure in this digital world.

We assist DoD contractors in preparing for federally required NIST 800-171 and future CMMC certifications. GJB is a CMMC-AB credentialed Registered Practitioner Organization (RPO), and our team members are CMMC-AB credentialed Registered Practitioners (RP). Our number one priority is to get clients set up on the DoD Supplier Performance Risk System (SPRS) with their score, Systems Security Plan (SSP), and Plan of Action and Milestones (POAM).

CMMC

The CMMC will review and combine various cybersecurity standards and best practices and map these controls and processes across several maturity levels that range from basic cyber hygiene to advanced. For a given CMMC level, the associated controls and processes will reduce risk against a specific set of cyber threats. The CMMC efforts build upon existing regulations (DFARS 252.204-7012) that are based on trust by adding a verification component concerning cybersecurity requirements. We specialize in NIST 800-171, the current Interim Rule requirement, and in preparation for CMMC, and we have several tools that can help you get to the various levels.

SERVICES

We will perform a pre-CMMC review to help you prepare for your CMMC at levels 1-3. This includes setting up your NIST 800-171 score and starting you on your way to completing your SSP and POAM. Our goal is to make you as self-sufficient as you want. GJB and Associates provides multiple packages for these services.

For more information, please email sales@gjbandassociates.com.
