The Latest DFARS Interim Rule – Impact on DoD Contractors

Jerry Leishman

October 19, 2020

On September 29, the Department of Defense (DoD) published the new interim rule, based on DFARS Case 2019-D041, for contractor cybersecurity assessments. The resulting Defense Federal Acquisition Regulation Supplement (DFARS) 70 Series: 7019, 7020, and 7021 requires every DoD contractor to self-assess against the 110 security requirements of SP 800-171, and then submit their score to the DoD. This is done through the Supplier Performance Risk System (SPRS).

These requirements begin on November 30, 2020 and may have significant impact on future business based on a supplier’s current cybersecurity maturity.

The new DFARS rules are designed to rectify the current Defense Industrial Base’s (DIB) lack of responsiveness to effectively protect controlled unclassified information (CUI). They are also intended to reduce growing nation state and criminal CUI exfiltration, while more quickly closing the gap between DFARS CUI protections and the upcoming Cybersecurity Maturity Model Certification (CMMC).

DoD Contractors: Don’t wait ‘til November. Act now – you’ll increase your chance of winning major government contracts over your competition.

CORTAC works with Pacific Northwest defense and aerospace suppliers to provide end-to-end regulatory and cybersecurity guidance and services to enable risk-based and cost-optimized solutions for small, medium, and large organizations.

Learn more about CORTAC Group here or contact