DoD Cybersecurity Requirements and the NJMEP Cyber Link Program


Since 12/31/2017, the DoD has expected the supply chain to conform to the NIST 800-171 cybersecurity standards. The expectation, including the flow-down clause for subcontractors, has been in the Defense Federal Acquisition Regulations (DFARS) 252.204-7012 section of contracts. NIST 800-171 requirements include Physical, Technical, and Administrative security controls across 14 families and require companies to have a System Security Plan (SSP), Plan of Actions & Milestones (POA&M), and Incident Response Plan. Companies were able to self-attest that they were conforming. The DoD grew increasingly concerned about the threat of cyber-attacks and estimated that less than 20% of the supply chain was meeting the standards. Therefore, the Cybersecurity Maturity Model Certification (CMMC) was created. Rather than self-attestation, there will be a third-party assessment and certification process to hold the supply chain accountable to the standards.
