CMMC Model

How does FAR 52.204-21 relate to CMMC?

In this post we explain the new CMMC model.
Join our newsletter:

How does FAR 52.204-21 relate to CMMC?

Federal acquisition regulation 52.204-21 “Basic Safeguarding of Covered Contractor Information Systems” includes 15 security controls. CMMC level one draws it’s security practices from FAR 52.204-21.

FAR 52.204-21

With FAR 52.204-21 contractors are expected to implement the 15 required security controls. There are no documentation requirements such as a plan of action & milestone or system security plan. FAR 52.203-21 applies to what is known as “covered contractor information systems”. Those are systems that process, store, or transmit federal contract information.

CMMC Level one and FAR 52.204-21

CMMC level one draws its requirements from FAR 52.204-21. Like FAR 52.204-21, CMMC level one doesn’t have any documentation requirements. Companies with a CMMC level one requirement are simply responsible for implementing the 17 CMMC practices.
 

Quick & Simple

Discover Our Cybersecurity Compliance Solutions:

Whether you need to meet and maintain your compliance requirements, help your clients meet them, or verify supplier compliance we have the expertise and solution for you

NIST SP 800-171 & CMMC Compliance App

NIST SP 800-171 & CMMC Compliance

Become compliant, provide compliance services, or verify partner compliance with NIST SP 800-171 and CMMC requirements.
Learn More
HIPAA Compliance App

HIPAA Compliance

Become compliant, provide compliance services, or verify partner compliance with HIPAA security rule requirements.
Learn More
FAR 52.204-21 Compliance App

FAR 52.204-21 Compliance

Become compliant, provide compliance services, or verify partner compliance with FAR 52.204-21 Basic Safeguarding of Covered Contractor Information Systems requirements.
Learn More
ISO 27001 Compliance App

ISO 27001 Compliance

Become compliant, provide compliance services, or verify partner compliance with ISO 27001 requirements.
Learn More