The DoD Memo also reminds contracting officers of their own obligation to verify that, for any new award, including new orders or extensions, the contractor has posted the summary level score of a current NIST SP 800-171 DoD Assessment for the relevant system(s) in SPRS. The DoD Memo reminds contracting officers that even where such assessments are not required (i.e., in contracts that do not include DFARS 252.204-7020), contractors are still required to implement all NIST SP 800-171 requirements or to have a plan of action and milestones for each requirement not yet implemented. This rule requires DoD agencies to include in most solicitations, contracts, task and delivery orders on a go-forward basis, a new clause, DFARS 252.204-7020, that requires contractors to post self-assessment scores regarding compliance with the National Institute of Standards and Technology (NIST) SP 800-171 in the Supplier Performance Risk System (SPRS) and to provide access to contractor facilities, systems and personnel necessary for the government to conduct additional assessments. On November 30, 2020, for example, interim DFARS Rule 2019-D041 took effect.

Additional rules that have since been implemented have put more teeth into those requirements. Defense contractors should pay close attention to this clarion call, have a firm handle on their current cybersecurity posture, track what has been represented to DoD, and promptly address any daylight between their current state and any such prior representations.

DFARS 252.204-7012, which requires contractors to provide adequate security on covered contractor information systems, has been in effect since October 2016.

The DoD Memo reminds contracting officers that even in contracts that do not include the self-assessment requirement imposed by DFARS 252.204-7020 (i.e., contracts issued prior to November 30, 2020, that do not include related assessment and access requirements), there are “alternative remedies and tools” contracting officers can and should consider employing in the event of noncompliance.

On June 16, 2022, the US Department of Defense (DoD) issued a memorandum (DoD Memo) “reminding” contracting officers that noncompliance with the Defense Federal Acquisition Regulation Supplement (DFARS) clause 252.204-7012, “Safeguarding Covered Defense Information and Cyber Incident Reporting,” may constitute a breach of contract, and that such breach may justify the government’s withholding progress payments, forgoing remaining contract options and potentially terminating part of or the entire contract.