cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

CMMC compliance of existing contracts

MarkPelea
Copper Contributor

‎Aug 25 2020 09:12 AM - edited ‎Aug 25 2020 09:36 AM

‎Aug 25 2020 09:12 AM - edited ‎Aug 25 2020 09:36 AM

CMMC compliance of existing contracts

Hello All,

How do you address CMMC compliance for existing CUI-based contracts which are not based on CMMC (could be based on ITAR/NIST SP 800-171, for instance)? The contract terms were already agreed between federal and contractors, but are still under the current "self-attestation". Or must the current contracts and environments built around the CUI protection for those systems continue with their existing terms, and are not subject to CMMC? Would they just need to complete their contract life in their original compliance terms? Meaning, CMMC only applies to new contracts with the DoD.

Thanks,

Mark 

1,437 Views
0 Likes
4 Replies
Reply
4 Replies
DKernus02

‎Aug 25 2020 09:16 AM

‎Aug 25 2020 09:16 AM

Re: CMMC compliance of existing contracts

@MarkPelea DoD has said current contracts will not be modified except in extenuating circumstances. What will most likely happen is if the contract goes to recompete, a CMMC level will be applied to the new RFP.

0 Likes
Reply
MarkPelea

‎Aug 25 2020 09:26 AM

‎Aug 25 2020 09:26 AM

Re: CMMC compliance of existing contracts

Thanks, @DKernus02
1 Like
Reply
MarkPelea

‎Aug 25 2020 09:48 AM

‎Aug 25 2020 09:48 AM

Re: CMMC compliance of existing contracts

@DKernus02, Do we have any idea what those extenuating circumstances might be? I'm sure it's contract by contract basis, but would be good to know if there are some guidelines that can be followed for those that have a variety of CUI/CDI contracts.

0 Likes
Reply
DKernus02

‎Aug 25 2020 09:56 AM - edited ‎Aug 25 2020 09:57 AM

‎Aug 25 2020 09:56 AM - edited ‎Aug 25 2020 09:57 AM

Re: CMMC compliance of existing contracts

@MarkPelea The DoD did not give any indication as to what those might be in the seminar I heard this information. The only other piece of information that may be helpful is, at the time the comment was made, they said it would be depend on the contracting officer and/or the program manager.

 

Just a reminder that changes are happening to CMMC guidelines almost weekly (at least it seems). I think it's best to follow the implementation of CMMC until it's finalized. Katie Arrington, CISO of DoD Acq said last night on CyberNation: CMMC they are in actively process of getting the DFAR rule changed. It's going into public comment soon for 60 days. After that, DoD expects it to be finalized.

0 Likes
Reply