|
@@ -1,27 +1,26 @@
|
|
|
1
1
|
<?xml version="1.0" encoding="UTF-8"?>
|
|
2
|
-
<!DOCTYPE dita
|
|
3
|
-
|
|
4
|
-
<
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
ditaarch:DITAArchVersion="1.2"
|
|
9
|
-
class="- topic/topic concept/concept ">
|
|
10
|
-
<title class="- topic/title ">
|
|
11
|
-
<ph props="autonumber" class="- topic/ph ">252.204-7019</ph> Notice of NISTSP 800-171 DoD Assessment Requirements.</title>
|
|
12
|
-
<conbody class="- topic/body concept/conbody ">
|
|
13
|
-
<p id="qUkUdx" class="- topic/p ">As prescribed in 204.7304(d), use the
|
|
2
|
+
<!DOCTYPE dita PUBLIC "-//OASIS//DTD DITA Composite//EN" "ditabase.dtd">
|
|
3
|
+
<dita xmlns:ditaarch="http://dita.oasis-open.org/architecture/2005/" ditaarch:DITAArchVersion="1.2" domains="(topic task) (topic concept) (topic concept glossentry) (topic concept glossgroup) (topic reference) (topic troubleshooting++task) (topic task) (topic abbrev-d) a(props deliveryTarget) (topic equation-d) (topic hazard-d) (topic hi-d) (topic indexing-d) (topic markup-d) (topic mathml-d) (topic pr-d) (topic relmgmt-d) (topic sw-d) (topic svg-d) (topic ui-d) (topic ut-d) (topic markup-d xml-d) (topic task strictTaskbody-c) ">
|
|
4
|
+
<concept id="DFARS_252.204-7019" ditaarch:DITAArchVersion="1.2" class="- topic/topic concept/concept ">
|
|
5
|
+
<title class="- topic/title "><ph props="autonumber" class="- topic/ph ">252.204-7019</ph> Notice of NISTSP 800-171 DoD Assessment Requirements.</title>
|
|
6
|
+
<conbody class="- topic/body concept/conbody ">
|
|
7
|
+
<p id="qUkUdx" class="- topic/p ">As prescribed in 204.7304(d), use the
|
|
14
8
|
following provision:</p>
|
|
15
|
-
|
|
9
|
+
<p id="isNWgY" outputclass="Ctr_SmCaps" class="- topic/p ">NOTICE OF NIST SP 800-171 DOD ASSESSMENT
|
|
16
10
|
REQUIREMENTS (MAR 2022)</p>
|
|
17
|
-
|
|
18
|
-
|
|
11
|
+
<info li_elems="0"/>
|
|
12
|
+
<ol>
|
|
13
|
+
<li>
|
|
14
|
+
<p id="JKrwWo" outputclass="List1" class="- topic/p "><ph props="autonumber" class="-topic/ph">(a)</ph><i class="+ topic/ph hi-d/i ">Definitions</i>.</p>
|
|
15
|
+
<p id="wsqlZS" class="- topic/p ">“Basic Assessment”, “Medium Assessment”, and “High
|
|
19
16
|
Assessment” have the meaning given in the clause 252.204-7020, NIST
|
|
20
17
|
SP 800-171 DoD Assessments.</p>
|
|
21
|
-
|
|
18
|
+
<p id="vIcCjF" class="- topic/p ">“Covered contractor information system” has the
|
|
22
19
|
meaning given in the clause 252.204-7012, Safeguarding Covered Defense Information
|
|
23
20
|
and Cyber Incident Reporting, of this solicitation.</p>
|
|
24
|
-
|
|
21
|
+
</li>
|
|
22
|
+
<li>
|
|
23
|
+
<p id="ZDZsok" outputclass="List1" class="- topic/p "><ph props="autonumber" class="-topic/ph">(b)</ph><i class="+ topic/ph hi-d/i ">Requirement</i>. In
|
|
25
24
|
order to be considered for award, if the Offeror is required to
|
|
26
25
|
implement NIST SP 800-171, the Offeror shall have a current assessment
|
|
27
26
|
(i.e., not more than 3 years old unless a lesser time is specified
|
|
@@ -30,216 +29,256 @@ information system that is relevant to the offer, contract, task
|
|
|
30
29
|
order, or delivery order. The Basic, Medium, and High NIST SP 800-171
|
|
31
30
|
DoD Assessments are described in the NIST SP 800-171 DoD Assessment
|
|
32
31
|
Methodology located at
|
|
33
|
-
<xref href="https://www.acq.osd.mil/dpap/pdi/cyber/strategically_assessing_contractor_implementation_of_NIST_SP_800-171.html"
|
|
34
|
-
format="html"
|
|
35
|
-
scope="external"
|
|
36
|
-
class="- topic/xref ">https://www.acq.osd.mil/asda/dpc/cp/cyber/safeguarding.html#nistSP800171</xref>
|
|
32
|
+
<xref href="https://www.acq.osd.mil/dpap/pdi/cyber/strategically_assessing_contractor_implementation_of_NIST_SP_800-171.html" format="html" scope="external" class="- topic/xref ">https://www.acq.osd.mil/asda/dpc/cp/cyber/safeguarding.html#nistSP800171</xref>
|
|
37
33
|
.</p>
|
|
38
|
-
|
|
39
|
-
|
|
34
|
+
</li>
|
|
35
|
+
<li>
|
|
36
|
+
<p id="sDcTZh" outputclass="List1" class="- topic/p "><ph props="autonumber" class="-topic/ph">(c)</ph><i class="+ topic/ph hi-d/i ">Procedures</i>.</p>
|
|
37
|
+
<info li_elems="0"/>
|
|
38
|
+
<ol>
|
|
39
|
+
<li>
|
|
40
|
+
<p id="wUNVHv" outputclass="List2" class="- topic/p "><ph props="autonumber" class="-topic/ph">(1)</ph> The Offeror shall verify
|
|
40
41
|
that summary level scores of a current NIST SP 800-171 DoD Assessment
|
|
41
42
|
(i.e., not more than 3 years old unless a lesser time is specified
|
|
42
43
|
in the solicitation) are posted in the Supplier Performance Risk
|
|
43
44
|
System (SPRS) () for all covered contractor information systems
|
|
44
45
|
relevant to the offer.</p>
|
|
45
|
-
|
|
46
|
+
</li>
|
|
47
|
+
<li>
|
|
48
|
+
<p id="LNioiJ" outputclass="List2" class="- topic/p "><ph props="autonumber" class="-topic/ph">(2)</ph> If the Offeror does not
|
|
46
49
|
have summary level scores of a current NIST SP 800-171 DoD Assessment
|
|
47
50
|
(i.e., not more than 3 years old unless a lesser time is specified
|
|
48
51
|
in the solicitation) posted in SPRS, the Offeror may conduct and
|
|
49
52
|
submit a Basic Assessment to for posting to SPRS in the format identified
|
|
50
53
|
in paragraph (d) of this provision.</p>
|
|
51
|
-
|
|
54
|
+
<info li_elems="2"/>
|
|
55
|
+
</li>
|
|
56
|
+
</ol>
|
|
57
|
+
</li>
|
|
58
|
+
<li>
|
|
59
|
+
<p id="ByzCtO" outputclass="List1" class="- topic/p "><ph props="autonumber" class="-topic/ph">(d)</ph><i class="+ topic/ph hi-d/i ">Summary level scores</i>.
|
|
52
60
|
Summary level scores for all assessments will be posted 30 days
|
|
53
61
|
post-assessment in SPRS to provide DoD Components visibility into
|
|
54
62
|
the summary level scores of strategic assessments.</p>
|
|
55
|
-
|
|
63
|
+
<info li_elems="0"/>
|
|
64
|
+
<ol>
|
|
65
|
+
<li>
|
|
66
|
+
<p id="CjBeos" outputclass="List2" class="- topic/p "><ph props="autonumber" class="-topic/ph">(1)</ph><i class="+ topic/ph hi-d/i ">Basic Assessments</i>.
|
|
56
67
|
An Offeror may follow the procedures in paragraph (c)(2) of this
|
|
57
68
|
provision for posting Basic Assessments to SPRS.</p>
|
|
58
|
-
|
|
69
|
+
<info li_elems="0"/>
|
|
70
|
+
<ol>
|
|
71
|
+
<li>
|
|
72
|
+
<p id="oIUGWr" outputclass="List3" class="- topic/p "><ph props="autonumber" class="-topic/ph">(i)</ph> The email shall include
|
|
59
73
|
the following information:</p>
|
|
60
|
-
|
|
74
|
+
<info li_elems="0"/>
|
|
75
|
+
<ol>
|
|
76
|
+
<li>
|
|
77
|
+
<p id="oMjZfv" outputclass="List4" class="- topic/p "><ph props="autonumber" class="-topic/ph">(A)</ph> Cybersecurity standard
|
|
61
78
|
assessed (e.g., NIST SP 800-171 Rev 1).</p>
|
|
62
|
-
|
|
79
|
+
</li>
|
|
80
|
+
<li>
|
|
81
|
+
<p id="JoianN" outputclass="List4" class="- topic/p "><ph props="autonumber" class="-topic/ph">(B)</ph> Organization conducting
|
|
63
82
|
the assessment (e.g., Contractor self-assessment).</p>
|
|
64
|
-
|
|
83
|
+
</li>
|
|
84
|
+
<li>
|
|
85
|
+
<p id="wXTlHd" outputclass="List4" class="- topic/p "><ph props="autonumber" class="-topic/ph">(C)</ph> For each system security
|
|
65
86
|
plan (security requirement 3.12.4) supporting the performance of
|
|
66
|
-
a DoD contract—</p>
|
|
67
|
-
|
|
87
|
+
a DoD contract—</p>
|
|
88
|
+
<ol>
|
|
89
|
+
<li>
|
|
90
|
+
<p id="fZGZuC" outputclass="List2" class="- topic/p "><ph props="autonumber" class="-topic/ph">(1)</ph> All industry Commercial
|
|
68
91
|
and Government Entity (CAGE) code(s) associated with the information
|
|
69
92
|
system(s) addressed by the system security plan; and</p>
|
|
70
|
-
|
|
71
|
-
|
|
72
|
-
|
|
93
|
+
</li>
|
|
94
|
+
<li>
|
|
95
|
+
<p id="xbgqpP" outputclass="List2" class="- topic/p "><ph props="autonumber" class="-topic/ph">(2)</ph> A brief description of
|
|
96
|
+
the system security plan architecture, if more than one plan exists.</p>
|
|
97
|
+
</li>
|
|
98
|
+
</ol>
|
|
99
|
+
</li>
|
|
100
|
+
<li>
|
|
101
|
+
<p id="fVvlYj" outputclass="List4" class="- topic/p "><ph props="autonumber" class="-topic/ph">(D)</ph> Date the assessment was
|
|
73
102
|
completed.</p>
|
|
74
|
-
|
|
103
|
+
</li>
|
|
104
|
+
<li>
|
|
105
|
+
<p id="OwdQKn" outputclass="List4" class="- topic/p "><ph props="autonumber" class="-topic/ph">(E)</ph> Summary level score (e.g.,
|
|
75
106
|
95 out of 110, NOT the individual value for each requirement).</p>
|
|
76
|
-
|
|
107
|
+
</li>
|
|
108
|
+
<li>
|
|
109
|
+
<p id="mLfXcm" outputclass="List4" class="- topic/p "><ph props="autonumber" class="-topic/ph">(F)</ph> Date that all requirements
|
|
77
110
|
are expected to be implemented (i.e., a score of 110 is expected
|
|
78
111
|
to be achieved) based on information gathered from associated plan(s)
|
|
79
112
|
of action developed in accordance with NIST SP 800-171.</p>
|
|
80
|
-
|
|
113
|
+
<info li_elems="1"/>
|
|
114
|
+
</li>
|
|
115
|
+
</ol>
|
|
116
|
+
</li>
|
|
117
|
+
<li>
|
|
118
|
+
<p id="igRmzB" outputclass="List3" class="- topic/p "><ph props="autonumber" class="-topic/ph">(ii)</ph> If multiple system security
|
|
81
119
|
plans are addressed in the email described at paragraph (d)(1)(i)
|
|
82
120
|
of this section, the Offeror shall use the following format for
|
|
83
121
|
the report:</p>
|
|
84
|
-
|
|
85
|
-
|
|
86
|
-
|
|
87
|
-
|
|
88
|
-
|
|
89
|
-
|
|
90
|
-
|
|
91
|
-
|
|
92
|
-
|
|
93
|
-
class="- topic/
|
|
94
|
-
|
|
95
|
-
|
|
96
|
-
|
|
97
|
-
|
|
98
|
-
|
|
99
|
-
rowheader="headers"/>
|
|
100
|
-
<colspec colnum="3"
|
|
101
|
-
colname="3"
|
|
102
|
-
colwidth="17*"
|
|
103
|
-
class="- topic/colspec "
|
|
104
|
-
rowheader="headers"/>
|
|
105
|
-
<colspec colnum="4"
|
|
106
|
-
colname="4"
|
|
107
|
-
colwidth="17*"
|
|
108
|
-
class="- topic/colspec "
|
|
109
|
-
rowheader="headers"/>
|
|
110
|
-
<colspec colnum="5"
|
|
111
|
-
colname="5"
|
|
112
|
-
colwidth="17*"
|
|
113
|
-
class="- topic/colspec "
|
|
114
|
-
rowheader="headers"/>
|
|
115
|
-
<colspec colnum="6"
|
|
116
|
-
colname="6"
|
|
117
|
-
colwidth="17*"
|
|
118
|
-
class="- topic/colspec "
|
|
119
|
-
rowheader="headers"/>
|
|
120
|
-
<tbody class="- topic/tbody ">
|
|
121
|
-
<row rowsep="1" class="- topic/row ">
|
|
122
|
-
<entry colname="1" class="- topic/entry ">
|
|
123
|
-
<p id="fVAmKe" class="- topic/p ">System Security Plan</p>
|
|
124
|
-
</entry>
|
|
125
|
-
<entry colname="2" class="- topic/entry ">
|
|
126
|
-
<p id="plSHms" class="- topic/p ">CAGE Codes supported by this
|
|
122
|
+
<table frame="all" colsep="1" rowsep="0" class="- topic/table ">
|
|
123
|
+
<tgroup cols="6" colsep="1" rowsep="0" outputclass="Choice" class="- topic/tgroup ">
|
|
124
|
+
<colspec colnum="1" colname="1" colwidth="17*" class="- topic/colspec " rowheader="headers"/>
|
|
125
|
+
<colspec colnum="2" colname="2" colwidth="17*" class="- topic/colspec " rowheader="headers"/>
|
|
126
|
+
<colspec colnum="3" colname="3" colwidth="17*" class="- topic/colspec " rowheader="headers"/>
|
|
127
|
+
<colspec colnum="4" colname="4" colwidth="17*" class="- topic/colspec " rowheader="headers"/>
|
|
128
|
+
<colspec colnum="5" colname="5" colwidth="17*" class="- topic/colspec " rowheader="headers"/>
|
|
129
|
+
<colspec colnum="6" colname="6" colwidth="17*" class="- topic/colspec " rowheader="headers"/>
|
|
130
|
+
<tbody class="- topic/tbody ">
|
|
131
|
+
<row rowsep="1" class="- topic/row ">
|
|
132
|
+
<entry colname="1" class="- topic/entry ">
|
|
133
|
+
<p id="fVAmKe" class="- topic/p ">System Security Plan</p>
|
|
134
|
+
</entry>
|
|
135
|
+
<entry colname="2" class="- topic/entry ">
|
|
136
|
+
<p id="plSHms" class="- topic/p ">CAGE Codes supported by this
|
|
127
137
|
plan</p>
|
|
128
|
-
|
|
129
|
-
|
|
130
|
-
|
|
138
|
+
</entry>
|
|
139
|
+
<entry colname="3" class="- topic/entry ">
|
|
140
|
+
<p id="cnvzaY" class="- topic/p ">Brief description of the plan
|
|
131
141
|
architecture</p>
|
|
132
|
-
|
|
133
|
-
|
|
134
|
-
|
|
135
|
-
|
|
136
|
-
|
|
137
|
-
|
|
138
|
-
|
|
139
|
-
|
|
140
|
-
|
|
141
|
-
|
|
142
|
-
|
|
143
|
-
|
|
144
|
-
|
|
145
|
-
|
|
146
|
-
|
|
147
|
-
|
|
148
|
-
|
|
149
|
-
|
|
150
|
-
|
|
151
|
-
|
|
152
|
-
|
|
153
|
-
|
|
154
|
-
|
|
155
|
-
|
|
156
|
-
|
|
157
|
-
|
|
158
|
-
|
|
159
|
-
|
|
160
|
-
|
|
161
|
-
|
|
162
|
-
|
|
163
|
-
|
|
164
|
-
|
|
165
|
-
|
|
166
|
-
|
|
167
|
-
|
|
168
|
-
|
|
169
|
-
|
|
170
|
-
|
|
171
|
-
|
|
172
|
-
|
|
173
|
-
|
|
174
|
-
|
|
175
|
-
|
|
176
|
-
|
|
177
|
-
|
|
178
|
-
|
|
179
|
-
|
|
180
|
-
|
|
181
|
-
|
|
182
|
-
|
|
183
|
-
|
|
184
|
-
|
|
185
|
-
|
|
186
|
-
|
|
187
|
-
|
|
188
|
-
|
|
189
|
-
|
|
190
|
-
|
|
191
|
-
|
|
192
|
-
|
|
193
|
-
|
|
194
|
-
|
|
195
|
-
|
|
196
|
-
|
|
197
|
-
|
|
198
|
-
|
|
199
|
-
|
|
200
|
-
|
|
201
|
-
|
|
202
|
-
|
|
203
|
-
|
|
204
|
-
|
|
205
|
-
|
|
206
|
-
|
|
142
|
+
</entry>
|
|
143
|
+
<entry colname="4" class="- topic/entry ">
|
|
144
|
+
<p id="VidOwG" class="- topic/p ">Date of assessment</p>
|
|
145
|
+
</entry>
|
|
146
|
+
<entry colname="5" class="- topic/entry ">
|
|
147
|
+
<p id="ByzhYm" class="- topic/p ">Total Score</p>
|
|
148
|
+
</entry>
|
|
149
|
+
<entry colname="6" class="- topic/entry ">
|
|
150
|
+
<p id="Hhorse" class="- topic/p ">Date score of 110 will achieved</p>
|
|
151
|
+
</entry>
|
|
152
|
+
</row>
|
|
153
|
+
<row rowsep="1" class="- topic/row ">
|
|
154
|
+
<entry colname="1" class="- topic/entry ">
|
|
155
|
+
<p id="QkgcXF" class="- topic/p "/>
|
|
156
|
+
</entry>
|
|
157
|
+
<entry colname="2" class="- topic/entry ">
|
|
158
|
+
<p id="vXqVQv" class="- topic/p "/>
|
|
159
|
+
</entry>
|
|
160
|
+
<entry colname="3" class="- topic/entry ">
|
|
161
|
+
<p id="YRuRkW" class="- topic/p "/>
|
|
162
|
+
</entry>
|
|
163
|
+
<entry colname="4" class="- topic/entry ">
|
|
164
|
+
<p id="AypkwL" class="- topic/p "/>
|
|
165
|
+
</entry>
|
|
166
|
+
<entry colname="5" class="- topic/entry ">
|
|
167
|
+
<p id="DXFJvj" class="- topic/p "/>
|
|
168
|
+
</entry>
|
|
169
|
+
<entry colname="6" class="- topic/entry ">
|
|
170
|
+
<p id="mPXfar" class="- topic/p "/>
|
|
171
|
+
</entry>
|
|
172
|
+
</row>
|
|
173
|
+
<row rowsep="1" class="- topic/row ">
|
|
174
|
+
<entry colname="1" class="- topic/entry ">
|
|
175
|
+
<p id="isMjdD" class="- topic/p "/>
|
|
176
|
+
</entry>
|
|
177
|
+
<entry colname="2" class="- topic/entry ">
|
|
178
|
+
<p id="xKzNWx" class="- topic/p "/>
|
|
179
|
+
</entry>
|
|
180
|
+
<entry colname="3" class="- topic/entry ">
|
|
181
|
+
<p id="wxZixS" class="- topic/p "/>
|
|
182
|
+
</entry>
|
|
183
|
+
<entry colname="4" class="- topic/entry ">
|
|
184
|
+
<p id="yRVJDd" class="- topic/p "/>
|
|
185
|
+
</entry>
|
|
186
|
+
<entry colname="5" class="- topic/entry ">
|
|
187
|
+
<p id="OOkNIF" class="- topic/p "/>
|
|
188
|
+
</entry>
|
|
189
|
+
<entry colname="6" class="- topic/entry ">
|
|
190
|
+
<p id="lHADmd" class="- topic/p "/>
|
|
191
|
+
</entry>
|
|
192
|
+
</row>
|
|
193
|
+
<row rowsep="0" class="- topic/row ">
|
|
194
|
+
<entry colname="1" class="- topic/entry ">
|
|
195
|
+
<p id="wIFeLG" class="- topic/p "/>
|
|
196
|
+
</entry>
|
|
197
|
+
<entry colname="2" class="- topic/entry ">
|
|
198
|
+
<p id="SgXSKp" class="- topic/p "/>
|
|
199
|
+
</entry>
|
|
200
|
+
<entry colname="3" class="- topic/entry ">
|
|
201
|
+
<p id="EyROxs" class="- topic/p "/>
|
|
202
|
+
</entry>
|
|
203
|
+
<entry colname="4" class="- topic/entry ">
|
|
204
|
+
<p id="JHhNhq" class="- topic/p "/>
|
|
205
|
+
</entry>
|
|
206
|
+
<entry colname="5" class="- topic/entry ">
|
|
207
|
+
<p id="RdcDxN" class="- topic/p "/>
|
|
208
|
+
</entry>
|
|
209
|
+
<entry colname="6" class="- topic/entry ">
|
|
210
|
+
<p id="axiptd" class="- topic/p "/>
|
|
211
|
+
</entry>
|
|
212
|
+
</row>
|
|
213
|
+
</tbody>
|
|
214
|
+
</tgroup>
|
|
215
|
+
</table>
|
|
216
|
+
<info li_elems="2"/>
|
|
217
|
+
</li>
|
|
218
|
+
</ol>
|
|
219
|
+
</li>
|
|
220
|
+
<li>
|
|
221
|
+
<p id="cmzKMA" outputclass="List2" class="- topic/p "><ph props="autonumber" class="-topic/ph">(2)</ph><i class="+ topic/ph hi-d/i ">Medium and High Assessments</i>.
|
|
207
222
|
DoD will post the following Medium and/or High Assessment summary
|
|
208
223
|
level scores to SPRS for each system assessed:</p>
|
|
209
|
-
|
|
224
|
+
<info li_elems="0"/>
|
|
225
|
+
<ol>
|
|
226
|
+
<li>
|
|
227
|
+
<p id="lDLNuh" outputclass="List3" class="- topic/p "><ph props="autonumber" class="-topic/ph">(i)</ph> The standard assessed
|
|
210
228
|
(e.g., NIST SP 800-171 Rev 1).</p>
|
|
211
|
-
|
|
229
|
+
</li>
|
|
230
|
+
<li>
|
|
231
|
+
<p id="bhroqq" outputclass="List3" class="- topic/p "><ph props="autonumber" class="-topic/ph">(ii)</ph> Organization conducting
|
|
212
232
|
the assessment, e.g., DCMA, or a specific organization (identified
|
|
213
233
|
by Department of Defense Activity Address Code (DoDAAC)).</p>
|
|
214
|
-
|
|
234
|
+
</li>
|
|
235
|
+
<li>
|
|
236
|
+
<p id="NAhkBr" outputclass="List3" class="- topic/p "><ph props="autonumber" class="-topic/ph">(iii)</ph> All industry CAGE code(s)
|
|
215
237
|
associated with the information system(s) addressed by the system
|
|
216
238
|
security plan.</p>
|
|
217
|
-
|
|
239
|
+
</li>
|
|
240
|
+
<li>
|
|
241
|
+
<p id="NRYKou" outputclass="List3" class="- topic/p "><ph props="autonumber" class="-topic/ph">(iv)</ph> A brief description
|
|
218
242
|
of the system security plan architecture, if more than one system
|
|
219
243
|
security plan exists.</p>
|
|
220
|
-
|
|
244
|
+
</li>
|
|
245
|
+
<li>
|
|
246
|
+
<p id="EClMON" outputclass="List3" class="- topic/p "><ph props="autonumber" class="-topic/ph">(v)</ph> Date and level of the
|
|
221
247
|
assessment, i.e., medium or high.</p>
|
|
222
|
-
|
|
248
|
+
</li>
|
|
249
|
+
<li>
|
|
250
|
+
<p id="dIPCNz" outputclass="List3" class="- topic/p "><ph props="autonumber" class="-topic/ph">(vi)</ph> Summary level score
|
|
223
251
|
(e.g., 105 out of 110, not the individual value assigned for each
|
|
224
252
|
requirement).</p>
|
|
225
|
-
|
|
253
|
+
</li>
|
|
254
|
+
<li>
|
|
255
|
+
<p id="oqqNyZ" outputclass="List3" class="- topic/p "><ph props="autonumber" class="-topic/ph">(vii)</ph> Date that all requirements
|
|
226
256
|
are expected to be implemented (i.e., a score of 110 is expected
|
|
227
257
|
to be achieved) based on information gathered from associated plan(s)
|
|
228
258
|
of action developed in accordance with NIST SP 800-171.</p>
|
|
229
|
-
|
|
230
|
-
|
|
259
|
+
<info li_elems="2"/>
|
|
260
|
+
</li>
|
|
261
|
+
</ol>
|
|
262
|
+
</li>
|
|
263
|
+
<li>
|
|
264
|
+
<p id="PwHfUF" outputclass="List2" class="- topic/p "><ph props="autonumber" class="-topic/ph">(3)</ph><i class="+ topic/ph hi-d/i ">Accessibility</i>.</p>
|
|
265
|
+
<info li_elems="0"/>
|
|
266
|
+
<ol>
|
|
267
|
+
<li>
|
|
268
|
+
<p id="VwqmbY" outputclass="List3" class="- topic/p "><ph props="autonumber" class="-topic/ph">(i)</ph> Assessment summary level
|
|
231
269
|
scores posted in SPRS are available to DoD personnel, and are protected,
|
|
232
270
|
in accordance with the standards set forth in DoD Instruction 5000.79,
|
|
233
271
|
Defense-wide Sharing and Use of Supplier and Product Performance
|
|
234
272
|
Information (PI).</p>
|
|
235
|
-
|
|
273
|
+
</li>
|
|
274
|
+
<li>
|
|
275
|
+
<p id="DvBkxK" outputclass="List3" class="- topic/p "><ph props="autonumber" class="-topic/ph">(ii)</ph> Authorized representatives
|
|
236
276
|
of the Offeror for which the assessment was conducted may access
|
|
237
277
|
SPRS to view their own summary level scores, in accordance with
|
|
238
|
-
the SPRS Software User
|
|
239
|
-
|
|
240
|
-
|
|
241
|
-
class="- topic/
|
|
242
|
-
<p id="QZroFC" outputclass="List3" class="- topic/p ">(iii) A High NIST SP 800-171
|
|
278
|
+
the SPRS Software User's Guide for Awardees/Contractors available at <xref href="https://www.sprs.csd.disa.mil/pdf/SPRS_Awardee.pdf" format="pdf" scope="external" class="- topic/xref ">https://www.sprs.csd.disa.mil/pdf/SPRS_Awardee.pdf</xref>.</p>
|
|
279
|
+
</li>
|
|
280
|
+
<li>
|
|
281
|
+
<p id="QZroFC" outputclass="List3" class="- topic/p "><ph props="autonumber" class="-topic/ph">(iii)</ph> A High NIST SP 800-171
|
|
243
282
|
DoD Assessment may result in documentation in addition to that listed
|
|
244
283
|
in this section. DoD will retain and protect any such documentation
|
|
245
284
|
as “Controlled Unclassified Information (CUI)” and intended for
|
|
@@ -248,7 +287,13 @@ unauthorized use and release, including through the exercise of
|
|
|
248
287
|
applicable exemptions under the Freedom of Information Act (e.g.,
|
|
249
288
|
Exemption 4 covers trade secrets and commercial or financial information
|
|
250
289
|
obtained from a contractor that is privileged or confidential).</p>
|
|
251
|
-
|
|
252
|
-
|
|
253
|
-
|
|
290
|
+
</li>
|
|
291
|
+
</ol>
|
|
292
|
+
</li>
|
|
293
|
+
</ol>
|
|
294
|
+
</li>
|
|
295
|
+
</ol>
|
|
296
|
+
<p id="jPDpPf" outputclass="Ctr" class="- topic/p ">(End of provision)</p>
|
|
297
|
+
</conbody>
|
|
298
|
+
</concept>
|
|
254
299
|
</dita>
|