DFARS 252.204-7020
NIST SP 800-171 DoD Assessment Requirements
Substantive companion to 252.204-7019. Requires contractors and subs that process, store, or transmit CDI to have a current NIST 800-171 DoD Assessment in SPRS, and to give the Government access to facilities and personnel for Medium and High Assessments. Establishes the assessment methodology (Basic = self, Medium / High = DoD-led).
Yes — flow down required to subcontractors handling CDI (252.204-7020(g)).
What this clause requires
- 1Current NIST 800-171 DoD Assessment in SPRS (Basic, Medium, or High depending on contract requirements).
- 2Flow-down to subs handling CDI.
- 3Access for Medium and High Assessments by DCMA's DIBCAC.
- 4Periodic reassessment per methodology.
When this clause applies
Common pitfalls
Proposal-team checklist
- ☐Audit sub list for CDI access; require subs to confirm SPRS score before sub award.
- ☐Pre-arrange DIBCAC assessment readiness — annual mock assessments uncover gaps.
- ☐Document control implementations rigorously — DIBCAC inspects evidence, not just attestation.
Stop tracking clauses in spreadsheets.
BidCraft auto-detects every FAR / DFARS clause in your RFP, builds the compliance matrix, and structures the response. Try free.
Generate a Proposal →FAQ
What is the difference between Basic, Medium, and High Assessments?
Basic = contractor self-assessment per DoD methodology. Medium = DIBCAC review of documentation. High = on-site DIBCAC assessment with evidence review. Medium and High typically result in lower scores than Basic.
Related clauses
Home · All FAR Clauses · Government RFP · Sample Proposal
Reference content based on the Federal Acquisition Regulation and DFARS as of June 2026. Always verify the current clause text at acquisition.gov before relying on it for an actual submission. Educational reference; not legal advice.