Press Release: HCRS Is Ready to Assist the 75% of Government Contractors That Are Not Cyber-Compliant - Healthcare Resolution Services

Celebrating 20 Years in Business

  • (301) 497-1187
HCRS Logo
Contractor noncompliance concept: a link in a digital chain is broken and red, beside the statistic, "75%."

Press Release: HCRS Is Ready to Assist the 75% of Government Contractors That Are Not Cyber-Compliant

In an effort to protect Controlled Unclassified Information (CUI), the Department of Defense (DoD) has heightened its auditing and enforcement of cyber requirements for government contractors. According to FutureFeed, this comes in the wake of audits where 75 percent of contractors that self-attested as meeting all DoD requirements were shown to be in error.

What Does This Mean for Contractors?

Contractors with misreported scores face the loss of current or future contracts, as well as fines.

What Contractors Must Do Now

All contractors that want to partner with the federal government must perform self-assessments to verify their compliance with NIST SP 800-171. Those assessments include two key DFARS clauses: 7019, which acknowledges that the DoD’s Defense Industrial Base Cybersecurity Assessment Center (DIBCAC), as well as other organizations, will audit these assessments; and 7020, which imposes these assessments and how they’re scored. Contractors’ scores must be submitted to the DoD’s Supplier Performance Risk System (SPRS) before they will be given consideration. Contractors must also maintain two (2) pieces of evidence for each of the 110 practices under NIST SP 800-171.

How Many Contractors Have Submitted Scores?

Currently, only a fourth of contractors that handle CUI have submitted scores — and, as previously noted, only a quarter of those submissions have been accurate. 

The Takeaway

The DoD is expected to release its final rulemaking for the Cybersecurity Maturity Model Certification (CMMC), the enforcement arm for DFARS 7019 and 7020. Companies should take the time now to confirm whether they truly meet NIST compliance and report their scores to SPRS. Low scores are not penalized, as contractors can establish Plans of Action and Milestones (POA&Ms) to fill any identified gaps, with the intent to implement those changes within 180 days of reporting. 

The Solution

Healthcare Resolution Services (HCRS) can assist organizations that need guidance on improving their scores. As a registered provider organization (RPO), they can identify which NIST requirements have not been met, and establish POA&Ms to fulfill them, prior to an actual audit by a CMMC Third-Party Assessment Organization (C3PAO).

Where to Start

Contractors can start their path to cyber excellence and NIST compliance by downloading HCRS’s complimentary ebook, Cybersecurity Checklist for All Business Owners. Click here to obtain a copy, or contact them for more information.

Subscribe to our blog

Maryland department of transportation logo
Small women and minority owned logo
SBA WOSB Woman Owned Small Business Logo
WBENC women's business enterprise national council logo
NYC Certified Women Owned Business Enterprise logo
GSA advantage logo
HCRS

Stay Connected

HCRS News

Subscribe to Stay Informed

Twitter Linkedin Instagram

Who We Are

Services

Career Opportunities

Interested in applying for a job with us? HCRS offers competitive compensation and benefits and hires a wide range of professionals. Apply Here

Comodo Secure Logo

8601 Robert Fulton Drive, Suite 130 | Columbia, Maryland 21046 | Office: (301) 497-1187 Fax: (866) 384-2303
Copyright © 2023 Healthcare Resolution Services, Inc. All rights reserved. | Privacy Policy