Show Me Your SSPs: DOD to Begin Requesting and Assessing Contractors’ System Security Plans

At a recent Town Hall Meeting hosted by the CMMC Accreditation Body, a Defense Contract Management Agency representative announced that they will begin assessing contractors’ compliance against NIST SP 800-171 security controls through the “Medium Assessment” process that the DoD prescribed in the interim rule that created Defense Federal Acquisition Regulation Supplement (DFARS) 252.204-7020. In a Medium Assessment, the Government reviews the contractor’s current documentation (primarily the System Security Plan) and the contractor’s previous self-assessment, which contractors were required to complete by November 2020. The representative explained that he expects these assessments to begin in “a couple months.”
