The Department of Defense (DoD) acquisition policy implementing the CMMC (DFARS Case 2019-D041) became effective on December 1, 2020. The Defense Federal Acquisition Regulation Supplement-known as the DFARS-implements the CMMC requirement into Defense acquisition policy. The CMMC requirement will begin to appear in new Requests for Proposals (RFPs) and Requests for Information (RFIs), which may not reference the CMMC explicitly, but instead reference the DFARS clause at 252.204-7021. The -7021 clause is the CMMC clause.
DoD Assessment Methodology and Additional DFARS Clauses
DoD Assessment Methodology and Additional DFARS Clauses
The DFARS Case 2019-D041 introduced a NIST 800-171 assessment methodology and added two more clauses in addition to the CMMC clause. These two new clauses are approved for inclusion in all DoD contracts that contain the DFARS -7012 clause. The -7012 clause applies to all companies who process, transmit, store, or otherwise handle Controlled Unclassified Information (CUI), but is often found in contracts where companies do not need to handle CUI. The DoD Assessment Methodology is required to be used for the NIST 800-171 self assessment (see below for new DFARS clauses) as well as is used by DoD to conduct their own NIST 800-171 assessments of Defense contractors (see below for new DFARS clauses).
Controlled Unclassified Information
Controlled Unclassified Information
To enable a better understanding of CUI and serve as a learning aid, we have have created DODCUI.com. DOD CUI provides all things relating specifically to DOD CUI .