Free DoD Tools to Help Contractors with Cybersecurity and Compliance
In a recent PreVeil webinar, Stacy Bostjanick (DoD’s CMMC Program Head and Chief of DIB Cybersecurity) highlighted several free resources designed to help defense contractors comply with DFARS 7012 . The tools were recommended by Bostjanik as she provided updates on DFARS regulations and the DoD’s CMMC program. Bostjanik noted, ... Read More
Coming soon from your Prime: A minimum SPRS score requirement
As if a switch has been turned on, since the beginning of 2023 more and more subcontractors throughout the Defense Industrial Base (the DIB) are reporting being asked by their primes for their SPRS scores. And many are being told a minimum score they need to achieve to keep doing ... Read More
The DoD’s New DFARS Final Rule 252.204-7024: What does it mean for defense contractors?
DFARS Final Rule 252.204-7024, Use of Supplier Performance Risk System (SPRS) Assessments, (aka DFARS 7024) was published in March 2023 and effective immediately. It provides guidance to DoD Contracting Officers about how to use SPRS data. The Department of Defense (DoD) explains that “DFARS 7024 requires contracting officers to ... Read More
Five Things You Have to Know About Your SPRS Score
An SPRS score is a report card that signals a defense contractor’s level of compliance with the 110 security controls stipulated in NIST SP 800-171. High scores are evidence of high levels of compliance; low scores are a red flag that contractors present risk to the DoD supply chain. Every ... Read More
What Defense Contractors Must Know About DFARS 252.204-7020?
If you’re a contractor for the Department of Defense (DoD) and have a DFARS 7012 clause in your contract, then the DFARS 7020 clause most likely applies to you. DFARS 7020 is focused on the enforcement of existing cybersecurity standards found in DFARS 7012. Along with DFARS 7019, 7020 gives ... Read More
Why Defense Contractors Need to Comply with DFARS Now
There are many reports that the effective date for the expected CMMC 2.0 rules will be delayed, perhaps to 2024. Should companies comply now with DoD’s cyber requirements? Yes – definitely. The core DoD requirements are established in the regulations and imposed by contract. There are three ... Read More
Six IT Talking Points: Briefing your CEO on DoD compliance
As the head of IT, your job to keep your organization’s networks up and running and secure is a challenge in any environment—and even more so when you’re doing work for the Department of Defense (DoD). The aim of this blog is to help guide the critical conversations you need ... Read More
Five Questions Every CEO Should Ask About DFARS & CMMC Compliance
If you’re the CEO of an organization that does work for the Department of Defense (DoD)—no matter how far down the supply chain—this blog is written for you. It presents the top five questions CEOs should ask IT staff about their organization’s compliance with the DoD’s cybersecurity regulations found in ... Read More
What is DFARS 7019 and how can contractors comply with it?
DFARS 252.204-7019, entitled Notice of NIST SP 800-171 Assessment Requirements, was released along with clauses 7020 and 7021 in the DoD’s November 2020 DFARS Interim Rule. The DFARS 7019 clause requires contractors to complete two main tasks: Conduct a self-assessment of NIST SP 800-171 compliance according to DoD Assessment Methodology, ... Read More
What is DFARS 252.204-7012 and Why It’s Important
The DFARS 252.204-7012 clause (aka DFARS 7012) was created in response to increases in cyberthreats aimed at contractors in our Defense Industrial Base (the DIB). It went into effect at the end of 2017 and established cybersecurity requirements that contractors must meet to safeguard the defense information they handle during ... Read More