Skip to content

ITAR Registration Code: M49438 / Cage Code: 94U86

(714) 592-0063
CMMC Compliance
IT Compliance solutions for DoD contractors
CMMC ComplianceCMMC Compliance
  • Home
  • Compliance
    • CMMC Levels 1-3
    • NIST 800-171
    • Microsoft GCC High
    • ITAR Compliance
    • FAQ
    • Resources
      • CMMC Documentation
      • GCC High Buyers Guide
      • Important Hyperlinks
  • About
  • Industries
  • Blog
  • Contact Us
  • Home
  • Compliance
    • CMMC Levels 1-3
    • NIST 800-171
    • Microsoft GCC High
    • ITAR Compliance
    • FAQ
    • Resources
      • CMMC Documentation
      • GCC High Buyers Guide
      • Important Hyperlinks
  • About
  • Industries
  • Blog
  • Contact Us

Important Hyperlinks

  • Defense Federal Acquisition Regulation (DFARS) Case 2019-D041: Assessing Contractor Implementation of Cybersecurity Requirements
    • DoD issued an interim rule to amend DFARS to implement a DoD Assessment Methodology and the Cybersecurity Maturity Model Certification (CMMC) framework in order to assess contractor implementation of cybersecurity requirements and enhance the protection of unclassified information within the DoD supply chain.
  • DFARS Clause 252.204-7012: Safeguarding Covered Defense Information and Cyber Incident Reporting
    • CMMC complements DFARS clause 252.204-7012, which was published in the Federal Register and became effective in 2015. Among other requirements, 252.204-7012 requires Contractors/Subcontractors to safeguard CUI by implementing cybersecurity requirements in NIST SP 800-171.
  • DFARS Provision 252.204-7019: Notice of NIST SP 800-171 DoD Assessment Requirements
    • Advises offerors required to implement the NIST SP 800-171 standards of the requirement to have a current NIST SP 800-171 DoD Assessment on record to be considered for award. Requires offerors to post current Assessments in the Supplier Performance Risk System (SPRS).
  • DFARS Clause 252.204-7020: NIST SP 800-171 DoD Assessment Requirements
    • Requires contractors to provide the Government with access to its facilities, systems, and personnel when necessary for DoD to conduct or renew a higher-level NIST SP 800-171 DoD Assessment.
  • DFARS 252.204-7021 Contractor Compliance with the Cybersecurity Maturity Model Certification Level Requirement
    • Effective 1 Oct 2025. Requires CMMC certificate by time of contract award. Until 1 Oct 2025, DoD must approve CMMC clause in new acquisitions. Contractor certification level must be maintained for contract duration and this clause must be flowed down, as required.
  • NIST SP 800-171 Rev. 2: Protecting CUI in Nonfederal Systems
    • National Institute of Standards and Technology Special Publication (NIST SP) 800-171 provides requirements for protecting the confidentiality of CUI.
  • NIST SP 800-172: Enhanced Security Requirements for Protecting Controlled Unclassified Information (A Supplement to NIST Special Publication 800-171)
    • National Institute of Standards and Technology Special Publication (NIST SP) 800-172, provides federal agencies with a set of enhanced security requirements for protecting the confidentiality, integrity, and availability of CUI in nonfederal systems and organizations from the advanced persistent threat when the CUI is associated with a critical program or high value asset.
  • DoD CUI Program website
    • Explains the source and importance of CUI and posts related policies, training, marking aids, as well as the CUI registry and new developments.
  • Supplier Performance Risk System (SPRS)
    • SPRS “…is the authoritative source to retrieve supplier and product PI [performance information] assessments for the DoD [Department of Defense] acquisition community to use in identifying, assessing, and monitoring unclassified performance.” (DoDI 5000.79)
  • CMMC Accreditation Body Website and Marketplace
    • The authoritative source for CMMC-AB information, including marketplace listings of authorized/approved CMMC Third Party Assessment Organizations (C3PAOs).
  • DODI 5200.48 – Controlled Unclassified Information
    • Establishes policy, assigns responsibilities, and prescribes procedures for CUI throughout the DoD in accordance with Executive Order 13556; 32 CFR Part 2002, “Controlled Unclassified Information;“ and DFARS secs. 252.204-7008 and 252.204-7012. Also, establishes the official DoD CUI Registry.
  • DODI 5000.90 – Cybersecurity for Acquisition Decision Authorities and Program Managers
    • Establishes policy, assigns responsibilities, and prescribes procedures for the management of cybersecurity risk by program decision authorities and program managers in the DoD acquisition processes.
  • Executive Order on Improving the Nation’s Cybersecurity (May 12, 2021)
    • E.O. modernizing cybersecurity defenses by protecting federal networks, improving information-sharing on cyber issues, and strengthening our ability to respond to incidents.

"*" indicates required fields

Name*
Hidden
Please enter a number from 0 to 9999.
Please enter a number from 0 to 9999.
Please enter a number from 0 to 9999.
Please enter a number from 0 to 9999.
What compliance services do you need:*
This field is for validation purposes and should be left unchanged.

California HQ (West Coast)

451 W. Lambert Rd Suite 214
Brea, CA 92821
714-592-0063

Virginia (East Coast)

1750 Tysons Blvd, #1500
Tysons Corner, VA 22102
202-838-3111

Terms | Privacy

CMMC Compliance
Copyright © 2023 CMMC Compliance/Brea Networks, LLC

Privacy Policy │ Cookies Policy │ Terms and Conditions

Go to Top