Beginning Nov. 30th, 2020, the new DFARS Provision 252.204-7019 will require DoD contractors who handle Controlled Unclassified Information (CUI) to submit to and record a DoD Assessment of their compliance with the 110 controls documented in NIST SP 800-171. Find out more about what this DFARS rule change means for you.
What is DFARS Provision 252.204-7019?
Defense contractors are facing increased scrutiny of their organizations’ cybersecurity programs and a larger obligation to demonstrate that they are compliant with the 110 controls defined in NIST SP 800-171.
NIST 800-171 requires organizations to develop a System Security Plan (SSP) describing their program and a Plan of Action and Milestones (POAM) outlining how and when they will mitigate any gaps in their program. A new rule that goes into effect Nov. 30th also requires contractors to submit the results of a self-assessment and a score for their program into a government database of supplier performance information.
Some organizations will be required to undergo government assessment and validation of their program as well. Additionally, prime contractors now have a responsibility to ensure their subcontractors have submitted their information prior to awarding a contract.
Instructions
- Click “Create Evaluation” to start your evaluation. On the following screen, please check the box indicating that you accept the Terms of Service and select the “Continue” button.
- Read through each control and select the Status that best fits your security practices: “Undetermined”, “Implemented”, “Planned”, or “N/A”.
- You can also add Notes as needed.
- Once you have finished providing a status for each control, click the “Finish” button to view your score. At the bottom of your screen, please click the “Save as PDF” button to save your evaluation. NOTE: You cannot retrieve your evaluation once the window is closed.
For more information, please visit our site.