DFARS 252.204-7021

DFARS 252.204-7021 is a regulation that establishes requirements for safeguarding and reporting of Controlled Unclassified Information (CUI) in non-federal information systems and organizations. It also requires contractors working with the Department of Defense to adhere to the Cybersecurity Maturity Model Certification (CMMC). It applies to DoD contractors who receive, process, store or transmit FCI, and CUI, as well as any subcontractors working with them.

This regulation requires contractors to implement security measures to protect CUI and to report any cyber incidents that affect the confidentiality, integrity, or availability of CUI. The security requirements in DFARS 252.204-7021 are similar to those outlined in the NIST SP 800-171 publication, which is a requirement for CMMC Level 2. This means that contractors who have already achieved CMMC Level 2 compliance are likely to be in compliance with DFARS 252.204 7021 as well.

However, contractors who have not yet achieved CMMC Level 2 compliance will need to take additional steps to ensure they are compliant with DFARS 252.204-7021. These steps include conducting a security assessment, implementing security controls, and establishing incident response procedures.

At SherTech, we will help you understand the requirements of DFARS 252.204-7021, how it relates to your information handling, FCI, and CUI, and provide guidance on achieving compliance. We can also help you navigate the requirements of CMMC Level and prepare for a CMMC assessment. Contact us to learn more about how we can assist you in meeting these important security regulations.