DoD’s Interim Rule on CMMC: Phased Rollout to Immediately Impact Many Federal Contractors
Written By: Rhea Gustafson, Project Manager | NVIE
October 29, 2020 | NVIE
The new DFARS provision 252.204-7019 advises offerors of the new assessment requirement, while the new DFARS clause 252.204-7020, DoD Assessment Requirements, requires DoD contractors to immediately post Assessments of their cybersecurity compliance on the DoD’s SPRS. Prime contractors are required to flow down the substance of DFARS 252.204-7020 to all subcontractors (excluding COTS suppliers).
Prior to awarding a subcontract (or other contractual instrument) subject to the implementation of NIST SP 800-171 requirements, prime contractors must also ensure that the subcontractors have a current DoD Assessment posted in SPRS that was completed in the last three years. If a subcontractor does not have summary level scores of a current NIST SP 800-171 DoD Assessment posted in SPRS, the rule explains that the subcontractor is permitted to conduct and submit a Basic Assessment to DoD for posting to SPRS along with the information required by paragraph (d) of the clause. Subcontractors at all tiers should be aware of this requirement and ensure compliance with the same to maintain eligibility for awards.
This article is very important for all DoD contractors about the CMMC DFARS interim rule. To learn more click here: https://www.natlawreview.com/article/dod-s-interim-rule-cmmc-phased-rollout-to-immediately-impact-many-federal and https://www.sprs.csd.disa.mil/
Contact NVIE and talk to your Project Manager.
Email us at info@nvie.nevada.com
Call Us At: 800-637-4634
