How Do You Address Solicitation Requirements and Contract Performance After CMMC Rollout?


Understanding the requirements for compliance with the interim DFARS rule on basic assessment and compliance with Cybersecurity Maturity Model Certification is not a task for the faint of heart. The rule requires that you accurately report the status of your compliance with the cybersecurity requirements in NIST Special Publication 800-171 and, for specific procurements in the initial CMMC pilot program and moving forward, that you address your level of compliance under the CMMC program. Preparation here is crucial as the Department of Defense has announced that all contractors, except those solely furnishing Commercial Off-The-Shelf, must submit their basic compliance assessment into the Supplier Performance Risk System to be considered for future contract awards.