Let’s Prove it’s COTS
And Let’s Prove DFARS and CMMC Do Not Apply
Is it Commercial Off The Shelf COTS?
Do you make and sell Commercial Off The Shelf COTS products to the DoD or your prime customer? If so, NIST 800-171 and CMMC requirements do not apply. The determination is often very nuanced. A COTS exemption saves the cost of an unnecessary CMMC 2.0 compliance program.
If you believe your products are Commercial Off The Shelf COTS and meet the requirements under applicable federal regulations, we can help you prove it.
COTS Exemptions – An Executive Summary
Your products first need to meet the definition of a commercial item. This means there’s a market for them in the public sector. They’re sold in significant quantity and you have competitors that also sell them. In other words, they’re not “one-offs” that only you sell to the US government. And the price you charge the US government must be the same as it is for your commercial market sales. Further, your products cannot be modified from what you sell in the public sector.
Here’s a simple example: You sell stainless steel nuts, bolts and washers in standard sizes with the same build of materials as those found in local hardware stores. Those qualify as COTS and you’ll be successful in pursuing an exemption from DFARS and CMMC requirements. But if your US government contract requires a higher grade of steel with more strict size tolerances, those won’t qualify for COTS exemption.
Practically speaking however, the determination is more nuanced.
How We Work Together – COTS
- We analyze the nature of the products you sell to your prime customers and/or the U.S. DoD to determine if they qualify for a COTS exemption.
- We assess your product functionality and configuration choices to verify they are not custom specifications or tolerances.
- If we establish that your product’s functionality and options are the same for your DoD and commercial market buyers, we prepare and document a COTS self-determination deliverable package for you to submit to your prime customers.
“We received those CUI/DFARS compliance letters from our three prime customers and were thrilled to learn (from KLC ) that we qualify for a COTS exemption. All three approved! Thank you for your help in saving us over $150,000!”– Rhode Island manufacturer of precious metal alloys
Call for an Introductory No-Cost Consultation: 617.314.9721 x158
One of our high-value service offerings, complete in 30-45 days.
We work together to provide:
- A COTS self-determination analysis report for each product in scope and a detailed summary as to whether it does or does not meet the DoD’s COTS qualification requirements
- One hour debrief call to present deliverable reports and answer all of your questions
- Relief from non-applicable CMMC level 2.0 and higher requirements (requires approval from the DoD or your prime contractor)
Prices start at $10,500
- Number of products
- Complexity of products
Not COTS? We’re ready to help you develop your CMMC compliance program
Learn more about Commercial Off The Shelf COTS Check out our latest video discussion!
This video discusses what you need to know about COTS exemptions DFARS cybersecurity requirements.
[Kelly] what is COTS and how does it affect people in the Defense Industrial Base?
[Kyle] COTS is what we call “Commercially Off The Shelf Products (continues)
2 COTS Case Studies
Here are two case KLC Consulting case studies that show you how to avoid unnecessary CMMC compliance costs.
Case Study #1: COTS exemption for a precision fluid dispensing equipment manufacturer
Case Study #2: COTS exemption for a manufacturer of precious metal alloys
Remediate POAM Deficiencies and Achieve CMMC Compliance
Remediate Your POAM Items
KLC Consulting’s DoD cybersecurity experts coordinate with your team to support all areas of NIST 800-171 and CMMC. Let’s get started on your CMMC Compliance program!