CYBERSECURITY MATURITY MODEL CERTIFICATION (CMMC) 

DFARS Interim Rule – Effective 30 Nov 2020:

On 29 September 2020, DoD issued an interim rule to amend the Defense Federal Acquisition Regulation Supplement (DFARS) to implement a DoD Assessment Methodology and Cybersecurity Maturity Model Certification (CMMC) framework in order to assess contractor implementation of cybersecurity requirements and enhance the protection of unclassified information within the DoD supply chain.

This rule creates the following new solicitation provisions and contract clauses:

 

The rule directs contracting officers (agreements officers) to verify in SPRS that an offeror has a current NIST SP 800-171 DoD Assessment on record, prior to contract award, if the offeror (emphasis added) is required to implement NIST SP 800-171 pursuant to DFARS clause 252.204-7012. The contracting officer is also directed to include DFARS provision 252.204-7019 and DFARS clause 252.204-7020 in solicitations and contracts.

Contractors are being encouraged to do a Basic self-assessment using the NIST 800-171 Assessment Methodology and upload it into SPRS now if they intend to respond to solicitations later this year where this assessment will be required prior to award.  The interim rule states that the Basic Assessment is required “in order to continue to receive DoD awards or to continue performance on contracts and orders with options”.

The interim rule is effective 30 November 2020. The Government is accepting comments on the rule through 30 November 2020  for their consideration in the formation of a final rule.


CMMC Overview:

Background: 

Current Situation: 


Useful Resource:

Office of the Under Secretary of Defense for Acquisition & Sustainment Cybersecurity Maturity Model Certification Website

Two Corporate Place
Middletown, RI 02842
senedia.info@senedia.org

Receive monthly updates, industry news, and event invitations from the SENEDIA community.