DFARS 252.204-7012 and CMMC
Our staff can help you develop and update an integrative solution to meet DFARS 252.204-7012, focusing specifically on networks that include FRCS, ICS, and commercial Internet of Things (IoT) products, using the subset of 110 RMF security controls.
It would meet the Unified Facilities Guide Specifications (UFGS) 25 05 11 Cybersecurity of FRCS and contain the following artifacts: Contractor Computer Cybersecurity Compliance Statement, Cybersecurity Schedules, Inventory Spreadsheet, Contractor Temporary Network Cybersecurity Compliance Statement, FRCS Facility Acceptance Task (FAT) and Site Acceptance Test (SAT) Checklist, ACI TTP Fully-Mission Capable (FMC) Baseline, Information Systems Contingency Plan (ISCP), System Security Plan (SSP), Security Audit Plan (SAP), and a Security Monthly Audit Report (SMAR).
We also support the implementation of RMF for all DoD IT/OT systems utilizing a multi-tiered cybersecurity risk management approach as described in DoDI 8510.01, with the Purdue Model for Control Hierarchy, which consists of five zones and six levels of operations, as a logical framework. Peregrine can ensure all RMF security controls are implemented technically, administratively, and physically, per NIST SP 800-53 as well as the ICS addendum NIST SP 800-82.
Peregrine helps companies get ready for the Cybersecurity Maturity Model Certification (CMMC), which is the next stage in the DoD's efforts to properly secure the Defense Industrial Base (DIB). In the simplest of terms, the DoD announced in June 2019 that it is creating a new cybersecurity assessment model and certification program. This signals to industry an end to the honeymoon period. Unlike in prior years, contracting authorities will not accept an SSP and POA&M alone as compliance with DFARS 252.204-7012. Contractors will instead be evaluated based upon the implementation of actual technical controls in addition to their documentation and policies. These evaluations will lead to a certification level of 1 to 5, with the latter being the most secure.
The higher your company certifies, the more contracts you will be eligible to bid on – and we can help ensure a top-scoring certification.
According to the Office of the Under Secretary of Defense, the CMMC level requirement will flow down to all subcontractors. They also state that all future RFPs will require a CMMC level regardless of whether the contractor handles Controlled Unclassified Information (CUI).
We support the use of the DISA Approved Products List (APL) and the OT Tested Product List.