New DFARS Interim Rules went into effect in December 2020, forcing defense contractors to adhere to new processes and requirements, and placing greater emphasis on compliance with cybersecurity regulations. Contractors who handle Controlled Unclassified Information (CUI) must now conduct self-assessments of NIST 800-171 compliance status in accordance with NIST 800-171A assessment guidance; score themselves on a subtractive, weighted formula as prescribed by the DoD Assessment Methodology scoring system; and report their scores and expected POAM completion dates to the government through the Supplier Performance Rating System (SPRS) in order to remain eligible to win new contract awards that involve handling CUI. In addition, the DCMA’s Defense Industrial Base Cybersecurity Assessment Center (DIBCAC) is now able to mandate more detailed analysis of contractor compliance through Medium and High confidence assessments at the government’s discretion. For Medium and High assessments, DIBCAC personnel may perform detailed reviews of contractor SSPs, or conduct full NIST 800-171A evidence-based assessments of contractor compliance.
In this webinar, John A. Ellis, Director of the DCMA’s Technical Directorate, will provide key information that all defense contractors should understand about what is required, what to expect, and how to prepare for the DoD Assessment Methodology and DIBCAC assessment process; and cybersecurity compliance experts from eResilience will share best practices for prime contractors and subcontractors to assist in navigating compliance challenges.