This 3m video discusses recent notification letters being received by DoD contractors and subcontractors regarding DFARS 252.204 7012 / NIST 800-171 / CMMC Compliance. Don’t worry, we’re here to help. We specialize in DoD Cybersecurity compliance! And we’ll help you get to where you need to be- quickly and affordably.
You received a notice from the DOD about DFARS 252.204-7012, what’s next?
So… you received a notice from your DOD contract official or prime contractor about safeguarding Covered Defense Information (CDI), Controlled Unclassified Information (CUI), and Cyber Incident Reporting. And it probably has language that refers to DFARS Section 252.204 7012. What’s THIS all about?
You received this letter because you’re a defense industrial base company with a contract that requires you to handle CDI or CUI. Or, you provide Operationally Critical Support as part of your performance requirements. The letter is your reminder about your obligation to safeguard it.
What is safeguarding?
Safeguarding, here, means you have an obligation to implement the NIST 800-171 cybersecurity standard to comply with DFARS 252.204 7012. And you can bet the finished version of CMMC will have that requirement, too.
You are obliged to report the cyber incidents you experience when they affect CDI or CUI. Or affect your ability to perform services designated as “operationally critical support”. A cyber incident is a virus, malware, or other security incident. When you discover it, and if you can isolate it, you must submit it to the DOD Cyber Crime Center. And the DOD may elect to conduct a follow-up damage assessment. These requirements flow down to DOD subcontractors, too.
The new interim DFARS 252.204-7012 rule and CMMC Consulting
I should also talk about the new interim rule that went into effect November 30, 2020 regarding DFARS 252.204 7012. You’re required to submit your NIST 800-171 self-assessment score to the DOD’s SPRS system. A perfect score is 110. No one wants to look bad by submitting a low score, with a long and drawn out POAM period. However, keep in mind the DOD may audit your self-assessment. And, it has the authority to cancel contracts under the “False Claim Act”. So, honesty is the best policy here.
And look, we get it: for many small to medium sized businesses, the challenge of becoming NIST 800-171 and CMMC compliance is a real headache. We hear you, and we’re here to help. We simplify the process with our proprietary CUI Data Lifecycle Methodology. It uses your everyday business language to create user-friendly policy and procedure templates that we provide you with. And we give you as much or as little help as you need- and want to pay for- through our expert virtual CISO service.
KLC is a recognized C3PAO company and provides NIST 800-171 and CMMC Consulting Services
Our company helps DOD contractors meet CMMC and NIST 800-171 requirements through agile solutions that achieve compliance, gain trust, and win contracts. So, let’s talk about getting you compliant. Thank you!
Please visit our YouTube channel for other free resources and cybersecurity discussion topics. LIKE and SUBSCRIBE!
And please visit us on LinkedIn.