The Keys to CMMC Compliance- NIST 800-171 Self-Assessment and the CMMC
ATS’s kick-off webinar in the 2021 CMMC series was a huge success!
In addition to covering the DFARS Interim Rule, we also answered several audience questions relating to CUI. In case you missed this event, the recording is available here!
This event touched on all the relevant information pertaining to the Defense Federal Acquisition Regulation Supplement (DFARS) Interim Rule which went into effect on December 1, 2020. The DFARS rule introduced not only the CMMC requirement, but two other clauses which impact defense contractors who handle Controlled Unclassified Information (CUI). The new clauses require companies who handle CUI to perform a NIST 800-171 self-assessment, using NIST 800-171A and the new DOD Assessment Methodology, and report their raw score into the Supplier Performance Risk System. The new rule also allows for DOD to conduct “higher” level assessments that involve document review and potentially an on-site assessment by the Defense Contract Management Agency (DCMA).
Our ATS CMMC Webinar Series Objectives:
Each webinar in the ATS CMMC webinar series is meant to build on previous webinars to provide a solid understanding of the new DFARS requirements. Building on this first session, the next webinar will focus on all things related to CUI-what it is, how to know if you have it, and how to handle it. Understanding if you have CUI and where you process, transmit, and store CUI is the most fundamental aspect of achieving CMMC and NIST 800-171 compliance. Understanding where DOD information resides on your network is essential in determining which systems and devices are considered in-scope for your CMMC assessment. Networks which handle CUI are required to achieve a CMMC maturity level 3 and networks which do not handle CUI only need to achieve a CMMC maturity level 1, making CUI the initial deciding factor in which CMMC maturity level your company needs to implement. Do not underestimate the importance of understanding CUI!