What is DFARS 7020?
Understanding DFARS 7020:
The DFARS: Defense Federal Acquisition Regulation Supplement 252.204-7020 is part of the three declared clauses of the DFARS 70 series (7012, 7019, and 7021) in November 2020. DFARS 7020 mandates contractors to offer the Government entry to its structures, systems, and staff any time the Department of Defense (DoD) revives or executes a Medium or High assessment.
Like DFARS 7012, the DFARS 7020 clause will emerge in all DoD solicitations, contracts, tasks, or delivery orders. This control also covers a flow-down condition that mentions that a contractor would now need to guarantee that all tiered subcontractors have results of a recent review in SPRS (Supplier Performance Risk System), following the DFARS 7019 clause. The contractor must also verify their compliance with 7019 before granting a subcontract or purchase order and include the details and terminology of DFARS 7019 in the subcontract agreement and documents.
The Concerns:
An issue that concerns many businesses in the Defense Industrial Base (DIB) is the capacity to remediate, adjudicate, or dispute a particular result. DFARS 7020 remarks that contractors and their subcontractors have a 14-day course to furnish further proofs or details illustrating that their procedures and guidelines meet NIST 800-171 criteria. Additionally, SPRS will only show the final examination results post this period, all results will be made secret, and high inspection documentation will be categorized as Controlled Unclassified Information (CUI).
What’s Next?
Companies with DFARS 7012 conditions in their agreements and dealing with CUI must conduct a Basic Assessment. It could be self-explanatory, but one must guarantee that their structures, procedures, and staff are provisioned for a DoD Basic Assessment and advance that self-assessment in 2021. Furthermore, one can start researching future purchases and solicitations to decide if a Medium or High assessment is needed shortly. The organization’s data systems also must be reconstituted to the 110 NIST 800-171 regimes owing to the CMMC assessment provisions and the already present DFARS 7012 prerequisites. To be able to take the next step in this direction with confidence, you can reach out to VLC Solutions.