top of page

Start Your Journey Towards NIST 800-171
and CMMC Certification

image of clock that is ticking down


CMMC 2.0 Certification Starts With DFARS & NIST SP 800-171

What Should You Be Doing Right Now?

DFARS 252.204-7012 has already mandated that you were to be NIST SP 800-171 compliant by December of 2017. If you’re not already NIST SP 800-171 compliant by now, you have some major work to do before January of 2025 to continue to get DoD contracts and orders. 


DFARS 252.204-7012

DFARS 252.204-7012 says that if you transfer, process, or store CUI (Controlled Unclassified Information) in any way, you must become NIST SP 800-171 compliant. That is what Bluestreak Consulting™, can help you with. Our team of experts are available to help you in one of two ways. The 1st way is to guide your internal compliance team through the confusing and complex regulations by the DoD, or the 2nd option, Bluestreak Consulting™ can manage this entire process to make sure you meet all of your NIST SP 800-171 requirements and will be CMMC audit-ready


DFARS 252.204-7019 (part of the DFARS Interim Rule)

DFARS 252.204-7019 says that you must perform a self-assessment (or an outside 3rd-party assessment) on your company infrastructure to see where you are in your current cyber and physical security. This will be done working with NIST SP 800-171A requirements. 


DFARS 252.204-7020 (also, part of the DFARS Interim Rule)

DFARS 252.204-7020 mandates you must submit the results and score of that assessment to the SPRS (Supplier Performance Risk System). You must also have a list of POA&Ms (Plan of Action & Milestones) and a populated SSP (System Security Plan). Bluestreak Consulting™ has a full set of templates that will cover all of these requirements. 


DFARS 252.204-7021 (also, part of the DFARS Interim Rule)

DFARS 252.204-7021 mandates you must prepare for CMMC 2.0 certification by implementing NIST SP 800-171 as a starting point. 


CMMC 2.0

CMMC 2.0 requirements are expected to be mandatory and start appearing on DoD contracts in the 1st quarter of 2025, which is just 14 months away. Keep in mind, it typically takes between 9 to 18 months to achieve NIST SP 800-171 compliance. If you wait any longer to implement NIST SP 800-171 requirements, you will begin to lose business starting in Q1 of 2025 if you are not compliant.

Let us help you secure your data and secure your future.

contact us image
bottom of page