This 1-minute video features Kyle Lai explaining the differences between these DFARS clauses for DoD prime contractors and subcontractors.
DFARS Clauses applicable to DoD Defense Industrial Base Companies
U.S. DoD cybersecurity expert Kyle Lai presents this DoD DFARS Clauses Explained video.
Some people are confused about the requirements of DFARS 252.204-7012, 7020, and 7021, or Cybersecurity Maturity Model Certification (CMMC), and how they relate to each other.
DFARS 252.204-7012
DFARS 7012 specifies the requirements for protecting CUI, or controlled unclassified information, that is received from the DoD, or covered defense information (CDI), as mentioned in the DFARS 7012. This clause is in most if not all of the DoD contracts today. The requirements are based on NIST 800-171 and additional cybersecurity incident response planning and reporting. DFARS 7012 is a different form of assessment of the NIST 800-171 requirements.
DFARS 252.204-7020
And DFARS 7020 is a different form of assessment of the NIST 800-171 requirements that is based on the DoD assessment methodology, which leads to the submission of the score in the DoD SPRS system.
DFARS 252.204-7021
DFARS 7021, or CMMC, requires an assessment or certification of your implementation of NIST 800-171 requirements.
Thank you for watching!
This is Kyle Lai, President and Chief Information Security Officer at KLC Consulting. If you have any additional questions, please contact us at cmmc@klcconsulting.net. Thank you.