FAR/DFAR Cybersecurity Compliance
Compliance with the requirements of:
Cybersecurity Maturity Model Certification 2.0 (CMMC)
- Level 1 – 15 requirements aligned with FAR 52.204-21
- Level 2 – 110 requirements aligned with NIST SP 800-171
FAR 52.204-21 Basic Safeguarding of Covered Contractor Information Systems
- 15 basic security controls to handle Federal Contract Information (FCI)
NIST SP 800-171 Protecting Controlled Unclassified Information (CUI) in Nonfederal Systems and Organizations
- Security requirements for protecting CUI when the information is in nonfederal systems and organizations.
- System Security Plan (SSP)
- Plan of Action and Milestones (POAM)
- Assessment in the DoD Supplier Performance Risk System (SPRS)
DFARS 252.204-7012 Safeguarding Covered Defense Information and Cyber Incident Reporting
- Implementation of the technical controls found in NIST SP 800-171 on the company’s systems that handle CUI (e.g., generate, transmit, store, or process it).
DFARS Clause 252.204-7019 / -7020
- Conduct NIST self-assessment and report scores to the DoD Supplier Performance Risk System (SPRS) database.