The Impact of the NIST SP 800-171 Rev. 3 Discussion Draft on CMMC and Related Programs

NIST released a discussion draft of SP 800-171 Rev 3 late last week. This article describes the impact that discussion draft will likely have on DoD’s CMMC program and provides some insights for contractors who are proactively preparing for Rev 3’s (eventual) release.

Under the Microscope: The -7024 Clause

The recently published DFARS 252.204-7024 clause allows DoD contracting officers to consider a LOT of attributes when awarding contracts. But, as explored in this article, it does NOT give them the ability to set minimum SPRS scores for contractors.

DoD Adding New Arrows to Contracting Officers’ Quivers (via SPRS)

DoD published a notice that DFARS 252.204-7024 will soon be published. This new clause requires contracting officers to consider supply chain risk and SPRS-reported risk information, as part of the award decisions. Click through for additional information!

FAR and Above and SPRS Scoring Tool Downloaded Over 11,000 Times! New Update Available!

Our automated SPRS and FAR and Above scoring tool has been downloaded over 11,000 times since the first version was released in 2021! We recently updated the tool to version 2023.02a. The changes include a bug fix to the SPRS scoring for 3.13.11, the addition of FAR and Above and SPRS scores to the SSP (more…)

2022 Year End CMMC Program Status Update

2022 saw a lot of changes to the CMMC program, and even to the government’s approach to supply chain cybersecurity. In this post, we summarize some of the key DoD-related changes in an effort to help contractors understand what they will likely encounter in 2023.

Pentagon’s Joint Surveillance Program in Full Swing

The United States Department of Defense (“DoD”) has begun its “Joint Surveillance Program” in conjunction with the CyberAB, the organization tasked with overseeing the CMMC ecosystem. Under the Joint Surveillance Program, members of DoD’s Defense Industrial Base Cybersecurity Assessment Center (“DIBCAC”) accompany and oversee representatives from CyberAB authorized Certified 3rd Party Assessment Organizations (“C3PAOs”) as (more…)

Rule Change is Imminent. Are You Ready?

The CMMC Implementation Conference is being held January 18-20 at the beautiful University of San Diego. Chock full of valuable tips and tools for business owners, service providers, and those charged with implementing the CMMC requirements, CIC2023 is NOT your ordinary CMMC conference. Learn how to Stop Talking. Start Doing. You can even take CCP or (the first ever) CCA training classes before the conference and reinforce your learning at the conference! Register today at https://CIC2023.org

NIST SP 800-171/CMMC 2.0 Self-Assessment Tool Updated to Include Automated FAR and Above and SPRS Scoring, and More

We are excited to announce the release of the new version of our CMMC 2.0/NIST SP 800-171 Self-Assessment Tool. This version includes automated FAR and Above and SPRS scoring and much more!