Many of these links are embedded in various presentations or on other tabs on this website, but they are all located here for your convenience.
DFARS Interim Rule – Published Nov. 2020 and added DFARS 252.204-7019/7020. DFARS 7021 (CMMC) will not go into effect until the rulemaking process has been completed.
DoD DFARS 252.204-7012 FAQs - DoD’s answers to DFARS 7012 FAQs. NOTE: The answers are based on how the DoD want DFARS 7012 implemented. The answers do not apply to organizations outside of the defense industrial base.
DFARS 252.204-7012 – Safeguarding Covered Defense Information and Cyber Incident Reporting. This clause applies to contractors that “touch” controlled unclassified information (CUI).
DFARS 252.204-7019 - Notice of NIST SP 800-171 Assessment Requirements for Basic, Medium and High Assessments
DFARS 252.204-7020 - NIST SP 800-171 Assessment Requirements if the Defense Industrial Base Cybersecurity Assessment Center (DIBCAC) determines that a higher level cybersecurity assessment should be performed.
NIST SP 800-171 Rev. 2 - NIST Special Publication containing the 110 requirements/controls to be implemented by defense contractors that “touch” CUI
NIST SP 800-171A – Assessment guidelines for NIST SP 800-171 Rev.2. Contains the assessment objectives for each of the 110 controls.
DoD Assessment Methodology - Tool to use to compute your NIST compliance score. Controls are assigned a “value” of either 5, 3 or 1 point(s)
Supplier Performance Risk System – website to upload your self-assessment score
NIST SP 800-171, POAM Template, SSP Template - NIST templates for Plans of Action and Milestones POAM) and System Security Plans (SSP)
Project Spectrum - Website funded by the DoD to assist defense contractors with self-assessments and training. The “Cyber Readiness Check” tool can be used to perform your self-assessment and calculate your score.
CMMC Center of Awesomeness – website developed by Compliance Forge to provide educational resources, technical solutions and gap analyses to NIST SP 800-171 and CMMC.