DFARS

Everything you need to know about government acquisition cyber clauses. If you are doing business with the Department of Defense or the United States Government, you’ll find lots of guidance in our knowledge base. We provide analysis on DFARS 252.204 and related clauses. We post news, changes, and updates: in other words, the news you need to get and stay compliant.

Using NIST SP 800-171A to Perform Self-Assessments and Scoring under the New DFARS Cybersecurity Rule

You are probably well aware at this point that the Department of Defense has published new (interim) cybersecurity rules (effective November 30, 2020). Much of the press around this announcement has been about the Cybersecurity Maturity Model Certification (CMMC). However, it is unknown when and to whom CMMC will apply over the next five years….

DoD Now to Require Cybersecurity Self-Assessments with New DFARS Rule

On September 29, 2020, the Department of Defense (DoD) issued an interim rule to amend the Defense Federal Acquisition Regulation Supplement (DFARS). The interim rule implements the Cybersecurity Maturity Model Certification (CMMC) program. The rule introduces a new construct: the DoD Assessment Methodology. Before contracts undergo a full CMMC review, this new construct will serve as…

CMMC Cometh

Tomorrow, September 29, 2020, the Department of Defense anticipates issuing an interim rule to amend the Defense Federal Acquisition Regulation Supplement (DFARS) to implement a DoD Assessment Methodology and Cybersecurity Maturity Model Certification framework in order to assess contractor implementation of cybersecurity requirements and enhance the protection of unclassified information within the DoD supply chain….

What’s New in CMMC Draft Version 0.6?

In November, the DoD released the newest draft of the Cybersecurity Maturity Model Certification (CMMC), version 0.6. CMMC Version 0.6 revised Levels 1-3. Levels 4-5 are expected to be addressed in the next version. Key points on FCI and CUI: Levels 1 and 2 are not intended for Controlled Unclassified Information (CUI). Instead, Levels 1…

The Higher Ed Model for Cybersecurity Compliance

There are fundamental challenges to fully implementing the NIST 800-171 cybersecurity framework. However, a new study shows that higher education institutions overcome these challenges and place among the top tier of organizations for compliance. Organizations that handle sensitive government information and data face a foreign intelligence threat that is unprecedented in history. Despite this, most…

CMMC Listening Tour Event in Huntsville, Ala. to Feature Sera-Brynn Expert Heather Engel

The Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) has announced a new stop on its Cyber Security Maturity Model (CMMC) listening tour: the Cloud Security and Compliance conference. Hosted by Summit 7 Systems, the one-day conference will be held in Huntsville on August 27, 2019. Registration is available here. Presenting…

Live Webinar: Impacts of New NIST 800-171 (Revision 2) on Government Contractors

Heather Engel, Chief Strategy Officer of Sera-Brynn, will join Scott Edwards, Summit 7 Systems President, to discuss the highly anticipated revision to NIST SP 800-171. NIST 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations, was first published in December 2016 (and updated in June 2018). Under Defense Federal Acquisition Regulation Supplement (DFARS), all U.S….

Oversight is Coming – Part 2: DCMA to Assess Supply Chain Compliance with DFARS

Last week, we covered the DoD memo assigning DCMA audit responsibilities for marking CUI. The same memo indicates that DCMA will also be evaluating a contractor’s procedures for assessing supply chain compliance with DFARS 252.204-7012. Today we are taking a deeper dive into what that means and what a supply chain assessment looks like. As…

Oversight is Coming: How to Prepare for a DCMA Supply Chain Audit

This article is the first in a two-part series. On January 21, 2019, the DoD released a memo requiring DCMA to validate contractor procedures for supply chain management. If you are a prime or sub on Department of Defense contracts, then your contracts are already subject to DCMA administrative oversight. This new memo adds to…