DFARS Interim Rule – 5 Key Takeaways to Be Aware of Now

October 16, 2020 by SysArc

Download the Official DFARS Interim Rule Document from the Federal Register

On September 29, the Defense Acquisition Regulations System released a new Interim Rule to supplement current DFARS regulations.

While the Department of Defense is working to get the CMMC program completed in record time, the process is taking longer than anticipated, and CMMC is now slated to be rolled out over a five-year period. But over the past few years, the current method of self-assessment used in DFARS standards has proved insufficient as the DoD supply chain continues to be subjected to cyber attacks, leading to the necessity of more immediate improvements to security.

The purpose of this Interim Rule is to increase DoD contractor security in existing DFARS 7012 requirements while the process of CMMC implementation is still in development. It will ensure that DFARS requirements are being followed by creating a DoD Assessment Methodology and Cybersecurity Maturity Model Certification framework.

This rule enacts new requirements, such as a self-scoring methodology and reporting, and announces increased audits at Basic, Medium, and High levels of scrutiny.

5 Key Takeaways to Be Aware of Now

Although there are many takeaways in the new interim rule, we identified the following five items that we think will affect many contractors right away:

  1. This new requirement takes effect on December 1, 2020 for all contractors that are subject to the DFARS 252.204-7012 clause based on their handling of Controlled Unclassified Information (CUI)
  2. Contractors that handle CUI will need to complete a new NIST 800-171 Self-Assessment based on a new scoring methodology and then post their score in the Supplier Performance Risk System (SPRS) before a contract will be awarded
  3. The Self-Assessment must also include the completion of a System Security Plan (SSP) with a Plan of Action and Milestones (POAM) describing the current state of their network and their plan to achieve 100% compliance with the NIST 800-171 requirements
  4. Prime Contractors must flow this requirement down to their subcontractors/suppliers that handle CUI as well.
  5. DCMA will be conducting random audits to ensure companies have not only completed the self-assessment, but have scored themselves accurately, have an SSP and are working towards completing a realistic POAM.

New Interim Rule Self-Assessment Scoring and Reporting

DoD contractors who handle controlled unclassified information (CUI) are very familiar with the NIST SP 800-171 security requirements, which require contractors to self-assess their cybersecurity preparedness.

The NIST SP 800-171 DoD Assessment Scoring Methodology detailed in the Interim Rule will help contractors grade themselves with a standardized score that reflects the NIST SP 800-171 security requirements they do not yet have in place.

How NIST SP 800-171 DoD Assessment Methodology Scoring Works

In order to strategically assess a Contractor’s Implementation of NIST SP 800-171

  • The NIST SP 800-171 DoD Assessment Methodology enables DoD to strategically assess a contractor’s implementation of NIST SP 800-171 on existing contracts which include DFARS clause 252.204-7012, and to provide DoD Components with visibility to the summary level scores of strategic assessments completed by DoD, thus providing an alternative to the contract-by-contract approach.
  • The NIST SP 800-171 DoD Assessment consists of three levels of assessments (see Section 4 of this document). These three types of assessments reflect the depth of the assessment, and the associated level of confidence in the assessment results.
  • Assessment of contractors with contracts containing DFARS clause 252.204-7012 is anticipated to be once every three years unless other factors, such as program criticality/risk or a security-relevant change, drive the need for a different assessment frequency.

SPRS Reporting

To submit your basic assessment to SPRS, you must fill out:

  • Your system security plan name
  • The CAGE code associated with the plan
  • A brief description of the plan architecture
  • The date the assessment was completed
  • Your total score
  • The date that a score of 110 will be achieved

Increased Audits

To ensure the legitimacy of reported results, increased, random audits will be conducted. These check-ups will evaluate companies’ compliance with NIST and the accuracy of their self-assessment score posted on SPRS.

Contractors will receive one of three assessment levels—Basic, Medium, or High—depending on the depth of the assessment and the level to which the contractor has implemented the security measures outlined.

What the Interim Rule Means for DoD Contractors

Get an Assessment Immediately

Even if you’ve had an assessment recently, you probably need to update that assessment to incorporate the new scoring methodology. And this needs to happen quickly, as starting December 1, this will be required for all contractors with a 252.204-7012 clause in their agreement.

In the long term, contractors handling CUI will need to achieve CMMC Level 3 compliance, and fulfilling the requirements around this Interim Rule will put you in a great position to be CMMC Level 3 ready.

DFARS 252.204-7012 Isn’t Going Away

DFARS 7012 was created three years ago in order to better protect the DoD supply chain. CMMC has become the new focus as companies prepare to meet the new standards, but the announcement of the Interim Rule emphasizes that CMMC is building on the foundation of DFARS 7012 and acting as the enforcement mechanism for the cybersecurity standards already in place.

Think of CMMC as a continuation of DFARS, and the Interim Rule as a procedure that helps bridge the gap between the two while CMMC is still being enacted.

Receive a Scored Assessment Now

SysArc has helped over 700 DoD contractors understand the requirements of DFARS 7012 and NIST SP 800-171 and take necessary steps toward compliance. We help DoD contractors properly protect the confidentiality of CUI in order to remain in compliance with regulations and eligible for DoD contracts.

We can help you navigate the requirements of the Interim Rule and other updates as CMMC is rolled out and worked into existing DFARS requirements.

Immediate action is required to get prepared for the December 1 deadline and remain eligible for contracts. Contact us today to receive a scored assessment and guidance through the process of complying with DFARS, the Interim Rule, and future developments in CMMC and DFARS.
