As a DoD contractor, you must conduct a Self-Assessment of your information security architecture and report your Supplier Performance Risk System (SPRS) score to ensure that you will continue to qualify for contracts, task orders, and delivery orders that include the common DFARS 252.204-7012 clause. This requirement applies only when you currently hold Controlled Unclassified Information (CUI), or when the contracting officer anticipates that you will.  

 

Contracting officers are already very broadly applying this requirement, so if you think it does not apply, seek appropriate counsel.

​

DCG is pleased to offer a free CMMC Self-Assessment Tool, designed to support your organization's efforts to meet DoD Self-Assessment requirements. It was built with companies of all sizes in mind, and is based on processes that have been in use for years at DCG.  This tool is a powerful mechanism that:

​

• Provides a dashboard for your implementation status against NIST 800-171 and CMMC assessment objectives

• Automates scoring of the DFAR Basic Self-Assessment using the DCMA Methodology

• Provides the following additional features:

  • organizes associated projects, which can be the basis of your Program Office function for 171 and CMMC

  • calculates your current Self-Assessment score

  • catalogues ongoing gaps in compliance 

  • tracks the production of artifacts for your future audit