A Solution For Businesses that Require CMMC Compliance



The Defense Federal Acquisition Regulation Supplement (DFARS) Case 2019-D041 was implemented by the Department of Defense (DoD) on September 29, 2020 as an Interim Rule. This rule amends the DFARS to implement a DoD Assessment Methodology and Cybersecurity Maturity Model Certification framework to assess contractor implementation of cybersecurity requirements and enhance the protection of unclassified information within the DoD supply chain.

  • DFARS mandates the implementation of NIST Special Publication 800-171r2 (NIST SP 800-171r2). This requires companies holding or seeking government contracts to deliver self-assessment scores with a System Security Plan (SSP) and a Plan of Action and Milestones (POA&M) to the Supplier Performance Risk System (SPRS).
  • CMMC 2.0 is on the horizon and will follow DFARS. It is a program designed by the Department of Defense (DoD) to define minimum levels of protection for FCI (Federal Contract Information) and CUI (Controlled Unclassified Information). Contracts with FCI require compliance with six CMMC 2.0 Domains. Contracts with CUI require compliance with all fourteen CMMC 2.0 Domains; the requirements mirror the 110 security practices in NIST SP 800-171.

Companies that Require Cybersecurity Compliance 

  • Flow Down: Organizations that do business with companies in the DSC and DIB are also required to comply with this mandate for self-assessment. 
  • Contract Requirements:  Contracting agencies may require compliance with the DFARS Interim Rule upon award of a contract or contract renewal.

What is this and how does it impact your company? 

The Defense Federal Acquisition Regulation Supplement (DFARS) subpart 204.73 has been amended to include the NIST SP 800-171r2 DoD CMMC methodology, which requires companies to provide a cybersecurity self-assessment and submit it to the SPRS prior to any contract award, contract renewal, or contract modification. As part of this set of deliverables, companies must provide self-assessment scores in addition to a System Security Plan (SSP) and a Plan of Action and Milestones (POA&M) to the SPRS for the DoD. Dnutch Associates, Inc. is an SMB Federal Contractor, and we understand the technical and financial challenges facing federal contractors when presented with new federally mandated regulations and the need to achieve compliance quickly in the most cost-effective way possible.

Dnutch has your NIST 800-171 r2 SPRS Solution:

Dnutch Associates, Inc. offers a scalable, cost-effective product for SMBs in the Defense Industrial Base (DIB). We realized that we needed something that would provide protection for our company’s digital resources and expedite affordable compliance with federal mandates. That product is CMMC Compliance in a Box (CCIB™).

Please visit the CCIB™ website for further information.

Dnutch CCIB™ (CMMC Compliance in a Box)

Dnutch Associates, Inc. is offering CCIB™ as a hardware and software turnkey solution to help businesses in the U.S. Department of Defense (DoD) Defense Industrial Base (DIB) achieve compliance with federally mandated cybersecurity standards.

Become CMMC Compliant with Dnutch CCIB™

  • Functional Compliance: Give your company a head-start with a secure computing and communications platform.
  • Meet Current Regulations:  DFARS Interim Rule requires self-assessment against NIST SP 800-171r2 and reporting to the SPRS.
  • Administrative Compliance:  Optional Tools are being offered with CCIB™ to help document corporate governance, self-assessment, and SPRS reporting.
  • Additional Security:  Optional GCC-High Subscription is being offered with CCIB™ to provide a secure computing and cloud communication environment in the US Sovereign Cloud.
  • Expedite Compliance: Small businesses with minimal IT resources will save time and money by using CCIB™ and the Optional Tools.

What You Get with Dnutch CCIB™

  • Secure laptop & cloud bundle
  • Dynamic monitoring & reporting
  • Cost-effective and scalable
  • Documentation tools (optional)

CCIB is not for sale to businesses located outside the continental United States (CONUS).