DoD Adding New Arrows to Contracting Officers’ Quivers (via SPRS)

DoD published a notice that DFARS 252.204-7024 will soon be published. This new clause requires contracting officers to consider supply chain risk and SPRS-reported risk information, as part of the award decisions. Click through for additional information!

2022 Year End CMMC Program Status Update

2022 saw a lot of changes to the CMMC program, and even to the government’s approach to supply chain cybersecurity. In this post, we summarize some of the key DoD-related changes in an effort to help contractors understand what they will likely encounter in 2023.

The $0 CMMC Level 2 Compliance Fallacy

Government representatives have stated that complying with CMMC 2.0 Level 2 shouldn’t cost contractors or the government anything, because contractors have been attesting to the government that they are doing these things for years. This article explores why this is correct only for a small minority (17 out of 110) of the controls in CMMC 2.0 Level 2.

On NIST SP 800-171, NFO Controls and Polices, Procedures, and Plans

With CMMC 2.0, DoD removed process maturity as an assessed requirement. Some commentators are suggesting that NIST 800-171’s “NFO” controls inherently require policies. We explore the requirement in this article.

Analysis of CMMC 2.0

Former CMMC-AB board of directors James Goepel, Mark Berman, and Ben Tchoubineh authored a letter to the President which analyzes why CMMC 2.0 is inconsistent with the President’s recent Executive Order and is harmful to our national security.

Can DCMA’s DIBCAC Teams Handle the CMMC C3PAO Authorization Workload?

CMMC depends upon Authorized C3PAOs. DCMA’s DIBCAC team plays a crucial role in the C3PAO authorization process. However, the DIBCAC teams’ calendars were already full prior to CMMC. In this article, co-authored with Kyle Lai, Carter Schoenberg, Tony Buenger, and Derek White, we discuss whether the current system is likely to clear the CMMC C3PAO backlog in a timely manner and explore a few alternatives.