MCGlobalTech is amongst the first group of companies to be officially approved by the CMMC Advisory Board as a CMMC Registered Provider Organization (RPO) to help the DOD contractor community get ready for CMMC. Since 2017, MCGlobalTech has helped small business DOD contractors perform NIST 800-171 assessments and develop required compliance policies and security plans.
As you know, the recent Interim rule requires contractors to have a current (i.e., not more than three years old) security assessment of NIST 800-171 controls and compliance score on record with the government before awarding any contract starting December 1, 2020. We have received many calls from small defense contractors being asked by their larger Prime Contractors to confirm compliance with this new requirement.
The bottom line: All DOD contractors are now required to:
- Conduct a NIST 800-171 controls self-assessment
- Create a System Security Plan
- Score the System Security Plan using the DoD Assessment Methodology
- Submit your assessment score to the Supplier Performance Risk System
If you have not yet generated your compliance score and uploaded it to the Supplier Performance Risk System (“SPRS”),or have any other questions about this new requirement, contact us today for free consultation.