Security Requirements Tab
Use this tab to specify security details, CMMC requirements, and other clearance information related to the contract.
When the opportunity is won and you create a contract record from the opportunity, the data on this tab automatically populates with the values entered for the opportunity on the Security Requirements tab of the Manage Opportunities screen. You can edit these values as needed in Manage Contracts.
Contents
| Field | Description |
|---|---|
| Classified | Select this checkbox if the contract involves classified information or if the work is expected to require access to classified materials. |
| US Citizenship Restrictions | Select this checkbox if the contract has restrictions requiring US citizenship. |
| DD254 Required | Select this checkbox if a DD254 form (Department of Defense Contract Security Classification Specification) is necessary for the contract. This form is typically required for contracts involving access to classified information. |
| FedRamp | Select this checkbox if the contract involves cloud services that must meet federal security standards as outlined by the Federal Risk and Authorization Management Program (FedRamp). |
| NIST 800-53 | Select this checkbox if the contract requires compliance with NIST Special Publication 800-53, which provides a catalog of security and privacy controls for federal information systems and organizations. |
| NIST 800-171 | Select this checkbox if the contract requires compliance with NIST Special Publication 800-171, which outlines security requirements for protecting Controlled Unclassified Information (CUI) in non-federal systems and organizations. |
| ITAR | Select this checkbox if the contract must comply with the International Traffic in Arms Regulations (ITAR). This is important for contracts involving export-controlled information. |
| Security Clearance | Enter, or click
 to select, the minimum level of security clearance required for the contract. Options include:
|
| Other Clearance | Enter, or click
to select, any additional clearance requirements beyond standard security clearances (for example, Sensitive Compartmented Information or Special Access Program requirements).
|
| CMMC Requirements |
Enter any information on Cybersecurity Maturity Model Certification (CMMC) requirements related to the contract. CMMC aims to measure the maturity or level of the organization's cybersecurity processes in complying with the protection of controlled unclassified information (CUI) within the Defense Industrial Base (DIB) networks. There are various levels of CMMC certifications. Controls and processes associated with each level are aimed to reduce the risk against a specific set of cyber threats. Attention: For more information on CMMC, visit
https://dodcio.defense.gov/CMMC/.
|