Understanding DFARS 7019
The DFARS: Defense Federal Acquisition Regulation Supplement 252.204-7019 is part of the three announced clauses in the DFARS 70 clauses (7012, 7020, and 7021). This special clause maintains the provisions for contractors to keep their evaluations and report them well and the conditions for contracting officers to grant or withhold it based upon correctly reported evaluation results. This clause does not mandate CMMC assessment or reporting.
The DFARS 7019 clause informs the contractor that they must preserve a record of their NIST 800-171 observation within the Supplier Performance Risk System (SPRS). Every contractor must hold a current DoD Assessment within the plan, exclusively accessible to DoD. This indicates that every contractor must have a Basic, Medium, or High assessment completed once every three years and guarantee that it is correctly reported within SPRS.
This is equivalent to the self-assessments or self-attestations that have been occurring since 2018, and this assessment needs a System Security Plan (SSP) or Plans to be presented.
Medium and High Assessment:
These include the NIST 800-171 assessments executed by DCMA. DFARS 7019 and many reporting means authorize numerous CAGE codes to be applicated for a single evaluation and SSP in the case of shared systems. A more diminutive partner organization could possibly then operate another company’s systems solely for performing on a contractor, as long as the SSP presented and assessed allows for that arrangement.
After completing and proffering an assessment to the level of your RFPs (Requests for Proposal), you must meet the DFARS 7019 clause. Regardless, if you have not finished an evaluation or an SSP, you must handle both as soon as you can. The organization’s systems will also have to be modeled to the 110 NIST 800-171 regimes before assessment and those configurations ought to be documented in your SSP.
In case you do not possess an account with SPRS, you must request access via the Procurement Integrated Enterprise Environment (PIEE), which mandates a certificate to register or authenticate. After registration and gaining access to SPRS, you can advance your assessment. Talk to VLC Solutions today to gain an in-depth understanding of your DFARS needs.