DFARS 252.204-7012 Archives | CMMC Audit Preparation

DFARS 252.204-7012 controls discussion for CMMC

Posted on April 26, 2024April 26, 2024 by Amira Armond

Why is there a page for DFARS 252.204-7012 on a CMMC website? DFARS 252.204-7012 is a contract requirement for defense contractors that handle or might handle Controlled Unclassified Information (CUI). Unlike the CMMC, DFARS 7012 is currently required and should Read More

How to submit a NIST SP 800-171 self assessment to SPRS

Posted on January 8, 2024January 8, 2024 by Amira Armond

Answers to common questions about how to submit your NIST SP 800-171 self assessment to SPRS. Register an account, how to handle multiple…

FedRAMP “Equivalent” Memo released

Posted on January 4, 2024January 5, 2024 by Amira Armond

Must read for anyone with DFARS 252.204-7012 in their contract! FedRAMP equivalent is defined for DFARS 252.204-7012 Summary: FedRAMP Equivalency, as used in DFARS 252.204-7012, means that the cloud provider has been third-party-validated, with a full audit, by a FedRAMP Read More

CMMC News – October 2023 – the DFARS Rule

Posted on October 26, 2023October 26, 2023 by Amira Armond

Rulemaking Timeline for CMMC DFARS Rule The proposed CMMC Rule has been submitted to the Office of Information and Regulatory Affairs. Several groups (mostly cybersecurity professionals) have met with DoD CIO and OIRA to give recommendations for the rule. Most Read More

Why so few Defense contractors are compliant

Posted on September 21, 2023September 21, 2023 by Amira Armond

𝐇𝐨𝐰 𝐥𝐨𝐧𝐠 𝐝𝐨𝐞𝐬 𝐢𝐭 𝐭𝐚𝐤𝐞 𝐚 𝐜𝐨𝐦𝐩𝐚𝐧𝐲 𝐭𝐨 𝐠𝐨 𝐛𝐚𝐧𝐤𝐫𝐮𝐩𝐭 𝐢𝐭 𝐰𝐡𝐞𝐧 𝐜𝐚𝐧’𝐭 𝐰𝐢𝐧 𝐰𝐨𝐫𝐤? One year? Two? Three? Let me tell you a story about how a system of perverse incentives caused our current cybersecurity situation in the Defense Read More

CMMC, CUI, and Cloud Vendors – do you need FedRAMP?

Posted on November 18, 2022November 18, 2022 by Amira Armond

Achieving Cloud Compliance in the Age of CMMC, CUI, and DFARS 7012: How secure are your cloud vendors?

Does CMMC enforce FedRAMP and other CUI protections?

Posted on September 4, 2021September 4, 2021 by Amira Armond

Will CMMC assessors stick to just the CMMC requirements or will they review your compliance to CUI-specified handling and other regulations?

DFARS 252.204-7012 – Part 1, CDI and Covered Info Systems

Posted on March 5, 2021May 7, 2021 by Amira Armond

A guided review of DFARS 252.204-7012 covering the topics: What is a covered contractor information system? What is Covered Defense Information?

CMMC News Rollup October 6, 2020

Posted on October 6, 2020October 7, 2020 by Amira Armond

Hello folks, This is week’s update is pretty short. The DFARS Interim Rule is still the biggest news. Other topics are the new DoD CUI website which has great resources for contractors, and word-of-mouth updates on the CMMC-AB’s registered practitioner Read More

CMMC News Rollup – August 26, 2020

Posted on August 26, 2020August 26, 2020 by Amira Armond

DFARS rule update for CMMC The acquisitions office has proposed an amendment to DFARS 252.204-7012, which is the contract rule that currently requires a high level of cybersecurity for the majority of Defense Contractors. The amendment is expected to replace Read More