News Worthy CMMC and DoD Related News Clips worth reading

Saltmarsh’s own Stephen Reyes selected to be a Provisional Assessor

Join us in congratulating our very own Stephen Reyes for being selected and credentialed as the Provisional Assessor. His selection is an acknowledgment of the distinguished career and expertise he brings to the field. As a provisional assessor he becomes one of 72 individuals across the country entrusted to provide the first CMMC provisional assessments.


Interim Rule requires reporting of cyber score

On September 29th, the U.S. Department of Defense published the interim rule implementing the Cybersecurity Maturity Model Certification, or CMMC, program. In a less expected move it also took the opportunity to insert language that requires many to also report their cyber score of current compliance with NIST 800-171.

“The contracting officer shall verify that the summary level score of a current NIST SP 800-171 DoD Assessment (i.e., not more than three years old, unless a lesser time is specified in the solicitation) (see 252.204-7019) for each covered contractor information system that is relevant to an offer, contract, task order, or delivery order are posted in the Supplier Performance Risk System (SPRS) prior to:

(1) Awarding a contract, task order, or delivery order to an offeror or contractor that is required to implement NIST SP 800-171 in accordance with the clause at 252.204-7012; or

(2) Exercising an option period or extending the period of performance on a contract, task order, or delivery order with a contractor that is required to implement the NIST SP 800-171 in accordance with the clause at 252.204-7012”

In contrast to the multi-year CMMC rollout, this change, for those to whom it applies, will take effect almost immediately on contracts dated after November 30, 2020.