This rule creates the following new solicitation provision and contract clauses:
-DFARS 252.204–7019, Notice of NIST SP 800–171 DoD Assessment Requirements
-DFARS clause 252.204–7020, NIST SP 800–171 DoD Assessment Requirements
-DFARS clause 252.204–7021, Cybersecurity Maturity Model Certification Requirements.
The objective of this rule is provide the Department with:
1. The ability to assess contractor implementation of NIST SP 800–171 security requirements, as required by DFARS clause 252.204– 7012, Safeguarding Covered Defense Information and Cyber Incident Reporting
2. Assurances that DIB contractors can adequately protect sensitive unclassified information at a level commensurate with the risk, accounting for information flowed down to subcontractors in a multi-tier supply chain. Flowdown of the requirements is necessary to respond to threats that reach even the lowest tiers in the supply chain. Therefore, to achieve the desired policy outcome, DoD intends to apply the new provision and clauses to contracts and subcontracts for the acquisition of commercial items and to acquisitions valued at or below the simplified acquisition threshold, but greater than the micro- purchase threshold. The provision and clauses will not be applicable to contracts or subcontracts exclusively for the acquisition of commercially available off-the-shelf items.
SERVICES
We will perform a pre CMMC review to help you prepare for your CMMC at levels 1-3. This includes setting up NIST 800-171 score and starting you on your way to complete your SSP and POAM. Our goal is to make you as self- sufficient as you want.
GJB and Associates provides multiple packages for these services. For more information, please email sales@gjbandassociates.com.