3 Clauses Added To DFARS That DoD Contractors Need To Understand

Have you reviewed the Interim Final Rule released by the DoD at the end of September? If you plan to keep bidding on defense contracts, you need to get up to speed. 


The DoD recently released their Interim Final Rule. In addition to setting a deadline for NIST compliance and a timeline for CMMC compliance, the document also laid out a number of additional DFARS clauses.

Do you know what these clauses are, and what they mean for you as a defense contractor?

What Clauses Have Been Added To DFARS?

While the Interim Final Rule was largely concerned with NIST and CMMC, the document does include some other important details to take note of.

In particular, it adds three new DFARS clauses:

DFARS 252.204-7019

This clause sets a requirement for an assessment of NIST 800-171 in new contracts from Nov. 30, 2020 onward. Building off the DCMA program, it will act as the bridge to CMMC over the coming years.

Assessments fall into three categories:

  1. Basic (self-assessment)
  2. Medium (conducted by DCMA)
  3. High (conducted by DCMA)

The results of any such assessments are required to be uploaded to the Supplier Performance Risk System (SPRS). The SPRS will act as the central database, holding results of NIST assessments and the CMMC certifications for DoD review.

DFARS 252.204-7020

This clause lays out two requirements:

  1. Contractors are to provide access to “facilities, systems, and personnel” in support of assessments.
  2. “Subcontractors have results of a current assessment in SPRS prior to contract award.”

These requirements consolidate all assessment-associated info and ensure that assessors can access systems for the purpose of an assessment.

DFARS 252.204-7021

This clause requires CMMC to be included in all contracts moving forward from the deadline. The details of CMMC compliance are in line with previous versions released by the DoD.

Furthermore, it’s important to note that DFARS 252.204-7012 hasn’t been modified. This means the underlying requirements for FedRAMP Moderate, NIST 800-171, and clauses (c) through (g) will continue unchanged.

How Much Time Do I Have To Comply?

While the Interim Final Rule takes effect on Nov. 30, 2020, this will not be an overnight process.

You will be required to be NIST compliant by that time, but CMMC compliance will be rolled out after the fact. There is a five-year time frame detailed in the Interim Final Rule to walk contractors through CMMC compliance.

What Should I Expect Of The Certification Process?

While the DoD and the CMMC-AB are doing their best to lay out a careful and straightforward process, you can expect road bumps. After all, there are over 200,000 companies that will eventually need to be certified, but at the moment, there are fewer than 100 auditors.

Throughout 2021, it is expected that the CMMC-AB will be assisting with pairing C3PAOs with contractors that require certification in order to bid on DoD contracts. During that time, you will not be able to seek out a C3PAO outside of these pairings.

At some point, the CMMC-AB Marketplace will go live and you will be able to choose your own C3PAO, but don’t count on that in the short term. In the meantime, Advantage Industries can help…

Book Your Assessment Now And Get A FREE Dark Web Scan

Let’s get started right away.

CLICK HERE to book your assessment.

If you do, you’ll receive a FREE Dark Web scan. Furthermore, 4 out of 5 businesses that schedule a meeting with us can also qualify for a FREE network security scan. This scan will give you valuable information on the state of your network and the scale of remediation you can expect.

Put simply, this is the best way to start your NIST and CMMC compliance process ahead of the deadline at the end of November.

Contact Advantage Industries to get started. 
