V2X is committed to safeguarding Federal Contract Information (FCI) and Covered Defense Information (CDI) as required by the FAR and DFARS.
V2X Subcontractors and Teammates who may handle Controlled Unclassified Information (process, store, or transit through an information system that is owned, or operated by or for, the Subcontractor / Teammate, or when performance of the contract involves operationally critical support) are required to comply with DFARS Clauses 252.204-7008, Compliance with safeguarding covered defense information controls and 252.204-7012, Safeguarding covered defense information and cyber incident reporting.
V2X requires Subcontractor / Teammate assurance of compliance to these DFARS Clauses as indicated in the respective supplier agreement(s). Subcontractors and Teammates who are unable to provide adequate assurance of required compliance may be eliminated from consideration.
NOTE: Cybersecurity Maturity Model Certification (CMMC) will be required for any contractor (prime or sub) to do business with the US Department of Defense. The required Maturity Level will be specified in the respective prime contract (with flow-down to Subcontractors and Teammates) and relates to the criticality of work to be performed and/or data to be handled.
NIST SP 800-171 Rev2 Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations