Why is there a page for DFARS 252.204-7012 on a CMMC website?
DFARS 7012 is a contract requirement for defense contractors that handle Controlled Unclassified Information (CUI).
It requires implementing cyber-security per NIST Special Publication 800-171 and mandatory reporting to the DoD if the contractor has a cyber incident.
Unlike the CMMC, DFARS 7012 is currently required and should be a priority for DoD contractors that deal with CUI.
You can tell if your contract requires compliance by looking for a contract clause that calls out “DFARS 252.204-7012”. If this is the case, you should also check out the NIST SP 800-171 page.
Download links for DFARS 252.204-7012 resources:
Official DFARS 7012 source: https://www.acq.osd.mil/dpap/dars/dfars/html/current/252204.htm#252.204-7012
DFARS 204-7302 (related policy): https://www.acq.osd.mil/dpap/dars/dfars/html/current/204_73.htm
NIST Special Publication 800-171 rev2: https://csrc.nist.gov/publications/detail/sp/800-171/rev-2/final
NIST page about DFARS for manufacturers: https://www.nist.gov/mep/cybersecurity-resources-manufacturers/dfars-compliance
NIST self-assessment handbook for using SP 800-171 controls for DFARS requirements: http://nvlpubs.nist.gov/nistpubs/hb/2017/NIST.HB.162.pdf
If you know of other official or helpful resources, please comment to help others! I’ll add the links to this page.