Department of Defense has issued an interim rule for CMMC on September 30, 2020. This is for setting up a two part process for review of contractors IT systems. All contractors have to conduct a self-assessment against NIST 800-171 using DoD published self-assessment methodology and upload their assessment results to the DoD Supplier Performance Risk System (SPRS) database. Contractor systems rated as Medium or High categories will go through secondary review by DoD appointed agencies. Effective date for this rule is November 30, 2020.
Join Subrata Guha, DQS Inc. IT Services Director, on Friday, November 20 at 10am Central Time for a webinar on the DoD Interim Rule for CMMC. This webinar will provide an overview of NIST800-171 requirements and DoD self-assessment method. He will also discuss scoring criteria and required evidences for the SPRS database.