FAR 52.204.21 (All)

Basic Safeguarding of Covered Contractor Information Systems.

Contract Clause that applies to all Defense contrators at Level 1 and Level 2 compliance. (In effect even if you don’t see this in your contract.)

DFARS 252.204-7012 (Level 2)

Safeguarding Covered Defense Information and Cyber Incident Reporting.

Applies to all covered contractor information systems that are not part of an IT service or system operated on behalf of the Government.

DFARS 252.204-7019 (Level 1 and Level 2)

Notice of NISTSP 800-171 DoD Assessment Requirements.

This clause requires summary level scores of a current NIST SP 800-171 DoD Assessment are posted in the Supplier Performance Risk System (SPRS) for all covered contractor information systems.

DFARS 252.204-7020 (Level 1 and Level 2)

NIST SP 800-171DoD Assessment Requirements.

This clause applies to covered contractor information systems that are required to comply with the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171, in accordance with Defense Federal Acquisition Regulation System (DFARS) clause at 252.204-7012, Safeguarding Covered Defense Information and Cyber Incident Reporting, of this contract.