The DFARS Interim Final Rule Comes Into Effect Nov. 30 — What’s Your Plan For Compliance?
The Interim Final Rule recently issued by the DoD requires mandatory, scored self-assessments for NIST 800-171 and creates a bridge to CMMC. Is your organization prepared?
Request A CMMC Readiness Assessment
The DFARS Interim Final Rule Comes Into Effect Nov. 30 — What’s Your Plan For Compliance?
The Interim Final Rule recently issued by the DoD requires mandatory, scored self-assessments for NIST 800-171 and creates a bridge to CMMC. Is your organization prepared?
The Department of Defense (DoD) has issued its much-anticipated Interim Final Rule, which will come into effect on November 30, 2020.
DoD contractors and subcontractors will be required to submit scored self-assessments against current NIST 800-171 requirements under the new rule. This process will also act as a bridge to CMMC compliance in the coming years.
Do you have a plan in place to get started on your compliance?
NIST 800-171 & CMMC Compliance 101
If you don’t have time to review the Interim Final Rule in detail, or have any questions about it in general, our latest webinar is a good place to start.
It provides an overview of the DFARS Interim Final Rule and the next steps you need to take to prepare for your NIST 800-171 self-assessment and CMMC compliance.
Download our webinar here:
CLICK HERE
Beyond submitting your NIST 800-171 self-assessment and CMMC compliance considerations, there are other aspects of the Interim Final Rule you need to take note of.
Interim Final Rule Adds Clauses To DFARS
DFARS 252.204-7019
This clause sets a requirement for an assessment of NIST 800-171 from Nov. 30, 2020 onward. Building off the DCMA program, it will act as the bridge to CMMC over the coming years.
Assessments fall into three categories:
The results of any such assessments are required to be uploaded to the Supplier Performance Risk System (SPRS). The SPRS will act as the central database, holding results of NIST assessments and the CMMC certifications for DoD review.
DFARS 252-204-7020
This clause lays out two requirements:
These requirements consolidate all assessment-associated info and ensure that assessors can access systems for the purpose of an assessment.
DFARS 252-204-7021
This clause requires CMMC to be included in all contracts moving forward from the deadline. The details of CMMC compliance align with previous versions released by the DoD.
Furthermore, it’s important to note that DFARS 252.204-7012 hasn’t been modified. This means the underlying requirements for FedRAMP Moderate, NIST 800-171, and clauses (c) through (g) will continue unchanged
Need Expert Assistance Reviewing NIST 800-171 and CMMC Requirements?
Our team is available to help you analyze your current compliance with NIST 800-171, as well as identify what is needed to meet new standards required for CMMC certification. Doing so will make your business more secure, effective, and competitive in the market.
Becoming compliant with our expert assistance is easy: