The Department of Defense (DoD) has updated guidance that it will cement clauses 7019 and 7020 of its November 2020 Interim DFARS Rule into a Final Rule in December 2022. The DFARS Interim Rule—currently in effect—aims to strengthen NIST SP 800-171 compliance and requires that all defense contractors that handle CUI (Controlled Unclassified Information) and are subject to DFARS 252.204-7012 not only conduct a NIST SP 800-171 self-assessment, but also report their score to the DoD’s SPRS (Supplier Performance Risk System). The Interim Rule also requires defense contractors to provide DoD access to its facilities, systems, and personnel as necessary to enable DoD to conduct or renew a higher-level assessment of NIST SP 800-171compliance. In other words, contractors must allow a DoD review of compliance that dives deeper than the contractor’s own self-assessment. The DoD is clearly signaling its intent to enforce defense contractors’ compliance with NIST SP 800-171 under existing DFARS regulations. DoD also has indicated that CMMC is scheduled to become an Interim Rule in March 2023. Since both DFARS and CMMC require contractors to comply with the same NIST SP 800-171 framework, increased enforcement means that your organization needs to act now to protect its CUI and comply with NIST SP 800-171 and related DoD mandates. This blog explains what defense contractors need to do now to meet DoD cybersecurity mandates and maintain their competitive position in the DIB. Inaction poses a serious risk to the ongoing viability of your DoD-related business, as described below.
The Dec. 2022 Final DFARS Rule means significant business risk for defense contractors that fail to take action
Cyber threats have become one of the most important strategic threats facing the United States. In response, the DoD is urgently ramping up enfo ..
Support the originator by clicking the read the rest link below.
