Apr 11 2023

Don’t wait for CMMC 2.0 to become compliant: you were already non-compliant with 1.0 thanks to DFARS

As the much-anticipated release of the CMMC 2.0 rule approaches, defense contractors are wondering what they need to do to be prepared. The answer is that you’re already late: most contractors don’t realize that, thanks to the DFARS regulations, they were already supposed to be compliant with the NIST 800-171 framework. Pro tip: NIST 800-171 is the underlying framework for CMMC.

NIST SP 800-171 is a framework that lays out how contractors must protect sensitive defense information and report cybersecurity incidents. Specific DFARS clauses require contractors to comply with NIST SP 800-171 and set out additional rules for the protection of CDI. Contact us if you want to know which clauses apply to you.

Begin now by assessing your current compliance with NIST SP 800-171 and taking steps to address any gaps. Whether for CMMC or DFARS, don’t let this stop you from winning your next bid. So don’t wait – start working through those POAMs now!

Alphabet Soup Glossary:  

  • CDI = Covered Defense Information  
  • CMMC = Cyber Maturity Model Certification 
  • DFARS = Defense Federal Acquisition Regulation Supplement  
  • NIST = National Institute of Standards and Technology 
  • POAM = Plan of Action and Milestones