On September 29, 2020, the DOD issued an interim rule for comment to amend DFARS to be able to put in effect the new DoD Assessment Methodology and the Cybersecurity Maturity Model Certification framework (CMMC). The Interim rule enables the DoD to evaluate: 1) Contractors’ cybersecurity requirements and 2) improve the security of Controlled Classified Information (CUI) in the supply chain.
The interim rule became effective on November 30, 2020. If you need to comply with the Defense Federal Acquisition Regulation Supplement (DFARS), Controlled Unclassified Information (CUI) security requirements, or if you are part of the DoD supply chain and have a current contract in place you will need to follow the requirements in this interim rule. Otherwise, your DoD contracts could be terminated.
Three new DFARS clauses in the Interim Rule:
- DFARS 252.204-7019, Notice of NIST SP 800-171 DoD Assessment Requirements
- DFARS 252.204-7020, NIST SP 800-171 DoD Assessment Requirements
- DFARS 252.204-7021, Contractor Compliance with the Cybersecurity Maturity Model Certification Level Requirement
To comply with this rule, you will need to perform some tasks:
- Perform a NIST SP 800-171 self-assessment According to the DoD scoring methodology
- Post your NIST SP 800-171 score on the PIEE website through the SPRS role
- In the SPRS provide a date when you will complete 100% of your POAM
- Complete your SSP & implement your POAM 100%
- Flow down these cybersecurity requirements to your supply chain (suppliers and subcontractors) working with CUI
- Prepare for DOD Medium and High assessments
Need Assistance with DFARS Compliance in Utah?
If you have DoD contracts or planning to have contracts that require you to comply with DFARS 252.204-7012, you must perform your self-assessment immediately and post your score on the SPRS site as soon as possible to maintain those contracts in place.
Implementing the interim rule will help your path toward CMMC Level 3 to handle CUI and keep working in the DoD supply chain.
iMpact Utah can help you with all your DFARS requirements and guide you through the process.