DFARS Resources
Many of these links are embedded in various presentations or on other tabs on this website, but they are all located here for your convenience.
DFARS Interim Rule – Published Nov. 2020 and added DFARS 252.204-7019/7020. DFARS 7021 (CMMC) will not go into effect until the rulemaking process has been completed.
DoD DFARS 252.204-7012 FAQs - DoD’s answers to DFARS 7012 FAQs. NOTE: The answers are based on how the DoD want DFARS 7012 implemented. The answers do not apply to organizations outside of the defense industrial base.
DFARS 252.204-7012 – Safeguarding Covered Defense Information and Cyber Incident Reporting. This clause applies to contractors that “touch” controlled unclassified information (CUI).
DFARS 252.204-7019 - Notice of NIST SP 800-171 Assessment Requirements for Basic, Medium and High Assessments
DFARS 252.204-7020 - NIST SP 800-171 Assessment Requirements if the Defense Industrial Base Cybersecurity Assessment Center (DIBCAC) determines that a higher level cybersecurity assessment should be performed.
NIST SP 800-171 Rev. 2 - NIST Special Publication containing the 110 requirements/controls to be implemented by defense contractors that “touch” CUI
NIST SP 800-171A – Assessment guidelines for NIST SP 800-171 Rev.2. Contains the assessment objectives for each of the 110 controls.
DoD Assessment Methodology - Tool to use to compute your NIST compliance score. Controls are assigned a “value” of either 5, 3 or 1 point(s)
Supplier Performance Risk System – website to upload your self-assessment score
NIST SP 800-171, POAM Template, SSP Template - NIST templates for Plans of Action and Milestones POAM) and System Security Plans (SSP)
Project Spectrum - Website funded by the DoD to assist defense contractors with self-assessments and training. The “Cyber Readiness Check” tool can be used to perform your self-assessment and calculate your score.
CMMC Center of Awesomeness – website developed by Compliance Forge to provide educational resources, technical solutions and gap analyses to NIST SP 800-171 and CMMC.
CONTACT US
Main Point of Contact:
Laura Rodgers
Director of Cybersecurity Practice
Secure Computing Institute
EB II, 2240B
NC State University
ldrodger@ncsu.edu(o) 919-515-5063(c) 828-734-0053-
How to best utilize CyberNC.us: The CyberNC.us website was created to provide North Carolina companies with one location to find all the information they need to develop a cybersecurity compliance program that is compliant with Department of Defense regulations.
The most effective way to utilize the website is to follow the steps below:
- Understand the regulations. Click on the Cybersecurity Regulations tab and review the information about each of the regulations.
- Understand the data. Click on the FCI/CUI tab for detailed information about Federal Contract Information and Controlled Unclassified Information, then review the Cybersecurity Overview presentation.
- The information on the Where to Start tab will help businesses determine which regulation with which they must comply, as well as the level of compliance that is required.
- The DFARS tab contains information about compliance with DFARS 252.204-7012 and the new DFARS Interim Rule.
- The CMMC tab contains information about CMMC 2.0 and includes FAQs and resources.
- The Training tab provides information about resources businesses can use to train their employees.
- The Partners tab contains links to the websites of the I3C partner agencies.
-
The NCMBC and the I3C are not representatives of the DoD or the CMMC Accreditation body. This website is meant to be a community resource for cybersecurity compliance information.
Copyright 2020, North Carolina Military Business Center. All Rights Reserved.