Businesses that work as contractors for the Department of Defense (DoD) should incorporate DFARS 7012 into their contract agreements. In 2017, this clause came into effect in response to data violations and growing cybersecurity risks within the Defense Industrial Base (DIB). It is still a prerequisite today, along with the Cybersecurity Maturity Model Certification (CMMC).
https://www.vlcsolutions.com/blog/dfars-7012/
DFARS 7019
In DFARS 70 clauses 7012, 7020, and 7021, the 252.204–7019 is one of three clauses announced. The provisions for contractors are maintained in this special clause. They must keep their evaluations and report them correctly, and contracting officers must grant or withhold awards based on correctly reported evaluation results. CMMC assessment and reporting are not mandated by this clause.
https://www.vlcsolutions.com/blog/dfars-7019/
DFARS 7020
In November 2020, the DFARS: Defense Federal Acquisition Regulation Supplement 252.204–7020 will be a part of three declared clauses in the DFARS 70 series (7012, 7019, and 7021). Contractors are required to comply
with DFARS 7020 Whenever the Department of Defense (DoD) revives or executes a Medium or High assessment, it will give the Government access to its structures, systems, and staff.
https://www.vlcsolutions.com/blog/dfars-7020/
DFARS 7021
A part of the DFARS 70 sequence (7012, 7019, and 7020) is DFARS 252.204–7021: Cybersecurity Maturity Model Certification Requirements. With the introduction of DFARS 7021, the Cybersecurity Maturity Model Certification 2.0 (CMMC 2.0) provisions are incorporated into the federal regulatory structure.
https://www.vlcsolutions.com/blog/dfars-7021/
