INFORMATIONAL NOTICE - An interim DFARS rule went into effect on November 30, 2020 to incorporate requirements for assessment of contractor implementation of cybersecurity requirements and to enhance the protection of unclassified information within the DoD supply chain via the National Institute of Standards and Technology Special Publication (NIST SP) 800-171 DoD Assessment Methodology and the Cybersecurity Maturity Model Certification (CMMC) framework. Please click the following link to read more about this important update: https://www.acq.osd.mil/dpap/policy/policyvault/USA002524-20-DPC.pdf. NOTE – This informational notice is not a change order. Instead, this informational notice is provided as a courtesy to the NAWCTSD Industry team members, as the subject has been discussed at several recent NAWCTSD PALT sessions. Any necessary contractual requirements not otherwise encompassed by the existing terms and conditions of a contract, and any necessary contractual changes that may be derived from this notice, may only be implemented by the contract’s Contracting Officer.
- Information Assurance Work Force Manual 8570.01-M
- DoD Directive Cyberspace Workforce Management 8140.01
- DoD Directive Cybersecurity 8500.01
- DoD Instruction 8510.01 Risk Management Framework (RMF) for DoD Information Technology (IT)
- SECNAV Instruction 5230
- DADMS Directives
National Institute of Standards and Technology (NIST):
Security and Privacy Controls for Federal Information Systems and Organizations
Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach
- Committee on National Security Systems Instructions: CNSSI 1253
- The DoD Cybersecurity Policy Chart (Formerly the IA Policy Chart)
For more information visit the Chief Information Officer Department of the Navy Cybersecurity website.