DFARS 252.204-7012 Safeguarding Covered Defense Information and Cyber Incident Reporting requires contractors working with the US Department of Defense to have effective cybersecurity programs and policies in place. Part of that requirement is a flow down that obligates covered contractor systems that are not part of a more rigorous set of requirements to ensure they at least meet the requirements of National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171. To administer the NIST requirement, your client is requesting that you certify to conformance with NIST by completing this survey, uploading required supporting documents, and certify whether you have flowed down and conducted due diligence on your own suppliers.
Making a NIST Compliance Certification Declaration in the Supplier Portal
To complete the declaration, you must first have received the campaign email.
- In the General Information section, enter the Registered Supplier Name:
- Enter the Name, Job Title, Phone Number, and Email of the respondent:
- Click Next.
- In the Certification section, answer the following required question:
Depending on your answers to the questions presented, you may need to answer additional questions or provides details to support your response. For example:
- When you have finished responding to the required questions, click Continue.
- On the Declaration Complete page, you can submit optional feedback on the declaration process.