DFARS Resources

Many of these links are embedded in various presentations or on other tabs on this website, but they are all located here for your convenience.

DFARS Interim Rule – Published Nov. 2020 and added DFARS 252.204-7019/7020. DFARS 7021 (CMMC) will not go into effect until the rulemaking process has been completed.

DoD DFARS 252.204-7012 FAQs  - DoD’s answers to DFARS 7012 FAQs. NOTE: The answers are based on how the DoD want DFARS 7012 implemented. The answers do not apply to organizations outside of the defense industrial base.

DFARS 252.204-7012 – Safeguarding Covered Defense Information and Cyber Incident Reporting. This clause applies to contractors that “touch” controlled unclassified information (CUI).

DFARS 252.204-7019 -  Notice of NIST SP 800-171 Assessment Requirements for Basic, Medium and High Assessments

DFARS 252.204-7020 -  NIST SP 800-171 Assessment Requirements if the Defense Industrial Base Cybersecurity Assessment Center (DIBCAC) determines that a higher level cybersecurity assessment should be performed.

NIST SP 800-171 Rev. 2  - NIST Special Publication containing the 110 requirements/controls to be implemented by defense contractors that “touch” CUI

NIST SP 800-171A – Assessment guidelines for NIST SP 800-171 Rev.2. Contains the assessment objectives for each of the 110 controls.

DoD Assessment Methodology -  Tool to use to compute your NIST compliance score. Controls are assigned a “value” of either 5, 3 or 1 point(s)

Supplier Performance Risk System – website to upload your self-assessment score

NIST SP 800-171, POAM Template, SSP Template - NIST templates for Plans of Action and Milestones POAM) and System Security Plans (SSP)

Project Spectrum -  Website funded by the DoD to assist defense contractors with self-assessments and training. The “Cyber Readiness Check” tool can be used to perform your self-assessment and calculate your score.

CMMC Center of Awesomeness – website developed by Compliance Forge to provide educational resources, technical solutions and gap analyses to NIST SP 800-171 and CMMC.