DFARS Interim Rule 60 Day Sprint

Sprint to compliance in less than 60 days with CyberSheath’s proven methodology based on three core disciplines: Assess, Implement, Manage (AIM™)

On September 29, the Department of Defense (DoD) released a DFARS rule authorizing the emergency collection of information to submit contractor assessment results in the Supplier Performance Risk System (SPRS).  The submission would include the summary level score of a current NIST SP 800-171 assessment (i.e., not more than three years old) in order to assess contractor implementation of cybersecurity requirements in an on going effort to enhance the protection of unclassified information within the DoD supply chain.

This change will be effective in less than 60 days and applies prior to:

  1. Awarding a contract, task order, or delivery order to an offeror or contractor that is required to implement NIST SP 800-171 in accordance with the clause at 252.204-7012; or
  2. Exercising an option period or extending the period of performance on a contract, task order, or delivery order with a contractor that is that is required to implement the NIST SP 800-171 in accordance with the clause at 252.204-7012.

The significant risk for defense contractors is that assessment scoring will be used as a discriminator in source selection or worse, expose contractors to False Claim Act (FCA) actions due to inaccurate reporting results.

CyberSheath is prepared to execute your assessment, and where possible correct related deficiencies to improve scoring before mandatory SPRS submission; however, this rule goes into effect in less than 60 days, and immediate action is required to mitigate these risks.  In the meantime, download our DFARS Interim Rule 60 Day Sprint Timeline that highlights what actions need to take place over the days left to meet the DoD's deadline.