This rule amends DFARS subpart 204.73, Safeguarding Covered Defense Information and Cyber Incident Reporting, to implement the NIST SP 800–171 DoD Assessment Methodology.
The new coverage in the subpart directs contracting officers to verify in SPRS that an offeror has a current NIST SP 800–171 DoD Assessment on record, prior to contract award, if the offeror is required to implement NIST SP 800–171 pursuant to DFARS clause 252.204– 7012.
The contracting officer is also directed to include a new DFARS provision 252.204–7019, Notice of NIST SP 800–171 DoD Assessment Requirements, and a new DFARS clause 252.204–7020, NIST SP 800–171 DoD Assessment Requirements, in solicitations and contracts including solicitations using FAR part 12 procedures for the acquisition of commercial items, except for solicitations solely for the acquisition of COTS items.
The new DFARS provision 252.204– 7019 advises offerors required to implement the NIST SP 800–171 standards of the requirement to have a current (not older than three years) NIST SP 800–171 DoD Assessment on record in order to be considered for award. The provision requires offerors to ensure the results of any applicable current Assessments are posted in SPRS and provides offerors with additional information on conducting and submitting an Assessment when a current one is not postedin SPRS.
The new DFARS clause 252.204–7020 requires a contractor to provide the Government with access to its facilities, systems, and personnel when it is necessary for DoD to conduct or renew a higher-level Assessment. The clause also requires the contractor to ensure that applicable subcontractors also have the results of a current Assessment posted in SPRS prior to awarding a subcontract or other contractual instruments. The clause also provides additional information on how a subcontractor can conduct and submit an Assessment when one is not posted in SPRS, and requires the contractor to include the requirements of the clause in all applicable subcontracts or other contractual instruments.
SERVICES
We will perform a pre CMMC review to help you prepare for your CMMC at levels 1-3. This includes setting up NIST 800-171 score and starting you on your way to complete your SSP and POAM. Our goal is to make you as self- sufficient as you want.
GJB and Associates provides multiple packages for these services. For more information, please email sales@gjbandassociates.com.