CMMC Model

How does FAR 52.204-21 relate to CMMC?

In this post we explain the new CMMC model.

Join our newsletter:

How does FAR 52.204-21 relate to CMMC?

Federal acquisition regulation 52.204-21 “Basic Safeguarding of Covered Contractor Information Systems” includes 15 security controls. CMMC level one draws it’s security practices from FAR 52.204-21.

FAR 52.204-21

With FAR 52.204-21 contractors are expected to implement the 15 required security controls. There are no documentation requirements such as a plan of action & milestone or system security plan. FAR 52.203-21 applies to what is known as “covered contractor information systems”. Those are systems that process, store, or transmit federal contract information.

CMMC Level one and FAR 52.204-21

CMMC level one draws its requirements from FAR 52.204-21. Like FAR 52.204-21, CMMC level one doesn’t have any documentation requirements. Companies with a CMMC level one requirement are simply responsible for implementing the 17 CMMC practices.
 

Discover Our NIST SP 800-171 & CMMC 2.0 Solutions:

 /assets/images/app/complaince_accelerator.gif

Compliance Accelerator

Power through compliance. Meet and maintain your NIST SP 800-171 & CMMC 2.0 compliance requirements.
 /assets/images/app/quantum_accelerator.gif

Quantum Assessor

Transform your business. Create new revenue streams and provide scalability for your NIST SP 800-171 and CMMC 2.0 services.
 /assets/images/app/supply_chain_verifier.gif

Supply Chain Verifier

Trust is everything. Verify, monitor, and support subcontactor compliance.