NIST SP 800-171 and DFARS clause 252.204-7012

Malicious cyber actors target the Defense Industrial Base (DIB) sector and the supply chain of the Department of Defense (DoD).

Defense Federal Acquisition Regulation Supplement (DFARS) clause 252.204-7012, Safeguarding Covered Defense Information and Cyber Incident Reporting, requires contractors and subcontractors to provide ‘adequate security’ to safeguard Department of Defense (DoD) controlled unclassified information (CUI), report cyber incidents and implement the security requirements in National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171, Protecting Controlled Unclassified Information (CUI) in Nonfederal Systems and Organizations.


DFARS Interim Rule

Effective November 20, 2020, the interim rule requires self-assessments to be submitted to DoD as a prerequisite to contract award (SPRS).


CyAD provides support to meet the following requirements:

  • System Security Plan that describes your environment and addresses all 110 requirements of NIST SP 800-171
  • Plan of Action and Milestones that describes a full plan to achieve 100% compliance with NIST and DFARS 252.204-7012
  • Self-assessment using NIST SP 800-171 Assessment Methodology
  • Submit documents and self-assessment score to DoD prior to next contract award