DFARS 252.204-7020NIST SP 800-171 DoD Assessment Requirements
Overview
This clause establishes the three-tier assessment methodology for NIST SP 800-171 compliance: Basic (self-assessment), Medium (government-conducted), and High (government-conducted with on-site validation). Contractors must cooperate with government assessors and provide documentation demonstrating implementation of security controls.
When Does This Apply?
Contracts where the government requires a Medium or High confidence NIST 800-171 assessment, typically for contracts involving high-value CUI.
Key Requirements
- 1Cooperate with government assessment teams
- 2Provide documentation of NIST 800-171 implementation
- 3Allow assessors access to systems and facilities
- 4Implement the 110-point scoring methodology
- 5Address findings within the specified remediation timeline
Flowdown to Subcontractors
Yes — DFARS 252.204-7020 flows down to subcontractors. All subcontractors in the supply chain must comply with this clause when applicable.
Frequently Asked Questions
What is DFARS 252.204-7020?
DFARS 252.204-7020 (NIST SP 800-171 DoD Assessment Requirements) This clause establishes the three-tier assessment methodology for NIST SP 800-171 compliance: Basic (self-assessment), Medium (government-conducted), and High (government-conducted with on-site valida
Does DFARS 252.204-7020 flow down to subcontractors?
Yes, DFARS 252.204-7020 flows down to subcontractors. All applicable subcontractors must comply with this clause.
When does DFARS 252.204-7020 apply?
Contracts where the government requires a Medium or High confidence NIST 800-171 assessment, typically for contracts involving high-value CUI.
Related Guides
Stay compliant with DFARS 252.204-7020
Cabrillo Club automates compliance tracking and alerts you when DFARS clauses are amended.
Join Free