DFARS 252.204-7008Compliance with Safeguarding Covered Defense Information Controls
Overview
This solicitation provision requires offerors to represent whether they have implemented NIST SP 800-171 security requirements. Offerors must certify their compliance status and identify any security requirements not yet implemented at the time of proposal submission. This representation becomes a material part of the contract award decision.
When Does This Apply?
Included in DoD solicitations for contracts that will involve CUI. Offerors must complete this representation as part of their proposal.
Key Requirements
- 1Certify implementation of NIST SP 800-171 security requirements
- 2Submit System Security Plan (SSP) if not fully compliant
- 3Identify specific controls not yet implemented with remediation timeline
Flowdown to Subcontractors
No — DFARS 252.204-7008 does not flow down to subcontractors. This clause applies only to the prime contractor.
Frequently Asked Questions
What is DFARS 252.204-7008?
DFARS 252.204-7008 (Compliance with Safeguarding Covered Defense Information Controls) This solicitation provision requires offerors to represent whether they have implemented NIST SP 800-171 security requirements. Offerors must certify their compliance status and identify any security
Does DFARS 252.204-7008 flow down to subcontractors?
No, DFARS 252.204-7008 does not flow down to subcontractors. This clause applies only to the prime contractor.
When does DFARS 252.204-7008 apply?
Included in DoD solicitations for contracts that will involve CUI. Offerors must complete this representation as part of their proposal.
Related Guides
Stay compliant with DFARS 252.204-7008
Cabrillo Club automates compliance tracking and alerts you when DFARS clauses are amended.
Join Free