DFARS 252.204-7012 Compliance Video

This 3m video discusses recent notification letters being received by DoD contractors and subcontractors regarding DFARS 252.204 7012 / NIST 800-171 / CMMC Compliance. Don’t worry, we’re here to help. We specialize in DoD Cybersecurity compliance! And we’ll help you get to where you need to be- quickly and affordably.

You received a notice from the DOD … what next?

So… you received a notice from your DOD contract official or prime contractor about safeguarding Covered Defense Information (CDI), Controlled Unclassified Information (CUI), and Cyber Incident Reporting. And it probably has language that refers to DFARS Section 252.204 7012. What’s THIS all about?

Well, you received it because you’re a defense contractor/subcontractor, and you have a contract that requires you to handle CDI or CUI. Or, you provide Operationally Critical Support as part of your performance requirements. So, you’re being notified or reminded of your requirement to safeguard it.

What is safeguarding? 

Safeguarding, here, means you have an obligation to implement the NIST 800-171 cybersecurity standard to comply with DFARS 252.204 7012. And you can bet the finished version of CMMC will have that requirement, too.

You’re also required to report the cyber incidents you experience when they affect this information, or affect your ability to perform services designated as operationally critical support. A cyber incident is a virus, malware, or other security incident. When you discover it, and if you can isolate it, you’re required to submit it to the DOD Cyber Crime Center. And the DOD may elect to conduct a follow-up damage assessment. These requirements flow down to DOD subcontractors, too.

The new interim DFARS rule and CMMC Consulting

I should also talk about the new interim rule that went into effect November 30, 2020 regarding DFARS 252.204 7012. You’re required to submit your NIST 800-171 self-assessment score to the DOD’s SPRS system. A perfect score is 110. No one wants to look bad by submitting a low score, with a long and drawn out POAM period. However, keep in mind the DOD may audit your self-assessment. And, it has the authority to cancel contracts under the “False Claim Act”. So, honesty is the best policy here. 

And look, we get it: for many small to medium sized businesses, the challenge of becoming NIST 800-171 and CMMC compliance is a real headache. We hear you, and we’re here to help. We simplify the process with our proprietary CUI Data Lifecycle Methodology. It uses your everyday business language to create user-friendly policy and procedure templates that we provide you with. And we give you as much or as little help as you need- and want to pay for- through our expert virtual CISO service. 

NIST 800 171 rev 2 graphic with 14 control families, a precursor to CMMC Compliance

KLC Provides NIST 800-171 and CMMC Consulting Services

Our company helps DOD contractors meet CMMC and NIST 800-171 requirements through agile solutions that achieve compliance, gain trust, and win contracts. So, let’s talk about getting you compliant. Thank you!


KLC Consulting

For more information about CMMC compliance, visit our recent blog post.

And for information about our Affordable DFARS 252.204-7020 (NIST SP 800 171) Help with Your Submission to the DoD SPRS click here

Kyle Lai answers your FAQ about NIST 800-171 and your SPRS submission requirements here

Please visit our YouTube channel for other free resources and cybersecurity discussion topics. LIKE and SUBSCRIBE!

And please visit us on LinkedIn.


TOP