Georgia Tech Procurement Assistance Center

  • Home
  • About Us
  • Training
    • Class Registration
    • On-demand Training
    • GTPAC COVID-19 Resource Page
    • Cybersecurity
    • Veterans Verification Video
    • GTPAC Community
    • Other Training Audio & Video
  • Useful Links
  • Team Directory
    • Albany Counselor
    • Atlanta Counselors
    • Augusta Counselor
    • Carrollton Counselor
    • Columbus Counselor
    • Gainesville Counselor
    • Savannah Counselor
    • Warner Robins Counselor
  • Directions
    • Atlanta – Training Facility
    • Atlanta – Office
    • Albany
    • Augusta
    • Carrollton
    • Columbus
    • Gainesville
    • Savannah
    • Warner Robins
  • COVID-19
  • New Client Application
  • Contact Us

DoD publishes long awaited interim rule on CMMC

October 2, 2020 By Andrew Smith

At long last, the Department of Defense (“DoD”) has provided its interim rule, published in the Federal Register on September 29, 2020, amending the Defense Federal Acquisition Regulation Supplement (“DFARS”) to set forth requirements for the Cybersecurity Maturity Model Certification (“CMMC”) program, as well as new requirements for a “NIST SP 800-171 DoD Assessment Methodology.”  The interim rule is effective November 30, 2020, and comments to the interim rule should be submitted by November 30 as well. 

NIST SP 800-171 DoD Assessment Methodology

For contractors already required to comply with NIST SP 800-171, per DFARS 252.204-7012, DoD now is going to hold those contractors accountable, instituting an assessment and reporting system to verify compliance before new contracts can be awarded.  While the new requirement is for information to be provided prior to contract award, DoD encourages affected contractors to begin their self-assessments immediately.

The Assessment Methodology will include three assessment levels:  (1) Basic, (2) Medium, and (3) High.  The Basic Assessment will be a self-assessment completed by the contractor prior to contract award, while the Medium and High Assessments are available options for DoD to complete after award.  DoD estimates it will conduct 200 Medium Assessments and 110 High Assessments each year.  Additional information regarding DoD assessments is available here.

There is a specific scoring methodology to be followed for the Assessment.  A contractor that has fully implemented all 110 NIST SP 800-171 controls will have a score of “110.”  It goes without saying that contractors will need to be careful here – an inaccurate report could subject a company to exposure under the False Claims Act.

Assessments will be valid for three years unless there are issues requiring a reassessment sooner.  The newly-announced Assessment Methodology appears to be an immediate solution to provide DoD some peace of mind on contractor data security until the CMMC program can be fully implemented.

Continue reading at the Sheppard Mullin GovCon Blog.

Filed Under: Contracting News Tagged With: CMMC, cybersecurity, Cybersecurity Maturity Model Certification, DFARS 252.204-7012

Recent Posts

  • Georgia Tech creates new Office of Corporate Engagement
  • Federal contractor indicted for stealing over $1.2 million from the U.S. Postal Service
  • SBA hosting “Contract Bonds and Surety Bond Guarantee” webinar April 20th
  • GSA hosting “Getting on the GSA Schedule” webinar April 13th
  • NIH hosting 2021 small business program conference April 26-30th

Popular Topics

8(a) abuse Army bid protest budget budget cuts certification construction contract awards contracting opportunities cybersecurity DoD DOJ False Claims Act FAR federal contracting federal contracts fraud GAO Georgia Tech government contracting government contract training government trends GSA GSA Schedule GTPAC HUBZone innovation IT Justice Dept. marketing NDAA OMB SBA SDVOSB set-aside small business small business goals spending subcontracting technology VA veteran owned business VOSB wosb

Contracting News

Federal contractor indicted for stealing over $1.2 million from the U.S. Postal Service

CMMC announces new advisory council to collect industry feedback

EEOC announces April 26 opening date for the collection of 2019 and 2020 EEO-1 component 1 data

Contractors line up to rebuild MARTA’s Five Points Station

GDOT announces $828.8 million in projects to transform Ga. 316

Read More

Contracting Tips

A whole new marketplace: GSA’s “commercial platforms” initiative

CRS Reports: Mentor-Protégé programs and small business size standards

CRS Report: Small businesses and COVID-19, relief and assistance resources

How do I find out what the government is buying?

Past performance isn’t always a required evaluation factor, says GAO

Read More

GTPAC News

SBA hosting “Contract Bonds and Surety Bond Guarantee” webinar April 20th

GSA hosting “Getting on the GSA Schedule” webinar April 13th

NIH hosting 2021 small business program conference April 26-30th

Defense Counterintelligence and Security Agency hosting industry day and matchmaking May 6th and 20th

Missile Defense Agency hosting virtual conference May 11-13th

Read More

Georgia Tech News

Georgia Tech creates new Office of Corporate Engagement

Delta Jacket wins 2021 Georgia Tech InVenture prize

Future of 5G is under the microscope at Georgia incubator

Collective worm and robot “blobs” protect individuals, swarm together

The Partnership for Inclusive Innovation is now accepting applications for pilot programs

Read More

  • SAM.gov registration is free, and help with SAM is free, too
APTAC RSS Twitter GTPAC - 30th Year of Service

Copyright © 2021 · Georgia Tech - Enterprise Innovation Institute