DoD published a notice that DFARS 252.204-7024 will soon be published. This new clause requires contracting officers to consider supply chain risk and SPRS-reported risk information, as part of the award decisions. Click through for additional information!
DoD is amending the DFARS to add SPRS score values (rather than simply the submission of a self-assessment score to SPRS) as part of the contract evaluation and award process.
Our automated SPRS and FAR and Above scoring tool has been downloaded over 11,000 times since the first version was (more…)
2022 saw a lot of changes to the CMMC program, and even to the government’s approach to supply chain cybersecurity. In this post, we summarize some of the key DoD-related changes in an effort to help contractors understand what they will likely encounter in 2023.
2023 is shaping up to be a HUGE year for the CMMC program! DoD closed out 2023 by kicking off (more…)
The United States Department of Defense (“DoD”) has begun its “Joint Surveillance Program” in conjunction with the CyberAB, the organization (more…)
There is a LOT of confusion in the contractor community over whether contractors have the authority to take it upon themselves to mark legacy information (e.g., FOUO, SBU, etc.) or unmarked information as CUI. In this article, we do a quick analysis based on the governing regulation and agency memorandum.
Is a contractor’s system security plan (“SSP”) Controlled Unclassified Information (“CUI”)? The answer depends on who is asking the question.
The DoD Assessment Methodology is a great attempt to create a standardized approach to evaluating contractor cybersecurity programs. However, it (more…)
Deciding when to hire an expert to help with cyber compliance can be daunting. We have updated our Comprehensive NIST SP 800-171 Self-Assessment Tool with DIY/outsource recommendations for each requirement and objective.