New FAR Rule in Development for Vendors Handling CUI (Controlled Unclassified Information)

The DOD is working with civilian agencies on a new FAR rule that would apply new requirements for vendors that handle controlled unclassified information.

The Department of Defense (DOD) is collaborating with civilian agencies to introduce a new Federal Acquisition Regulation (FAR) rule.

In today's rapidly evolving digital landscape, cybersecurity has never been more important for civilian contractors working with the federal government. The new Federal Acquisition Regulation (FAR) rule will soon impose more stringent cybersecurity requirements, similar to the Cybersecurity Maturity Model Certification (CMMC).

This rule will implement new requirements for vendors handling CUI (Controlled Unclassified Information).

Proposed FAR Rule
Cybersecurity for defense contractors
Cybersecurity for civilian contractors
Based on
NIST SP 800-171
NIST SP 800-171 & 800-172
DOD contractors
All federal government contractors
Current Basic Requirements
15 basic cybersecurity requirements
Expanded Controls
110 controls
110 controls (same as CMMC)
Federal CISO Council collaboration
Federal CISO Council collaboration
Third-party assessment
Unclear (self-attest or third-party)
Agency Collaboration
Connection to CUI Program
National Archives & Records Admin CUI
Contractor Accreditation Expenses
Expensive and burdensome
Not mentioned
Implementation Timeline
CMMC 2.0 rollout in progress
In development

Why do Federal Contractors choose InterSec as a FAR Compliance partner?

  • InterSec brings a rigorous CMMI Services Level 3 mature service delivery process and ISO 9001 quality management to our compliance services.

  • InterSec is a CMMC-AB RPO with many seasoned RPs and assessors.

  • A prime contractor on the Virginia GENEDGE CMMC services BPA, so you can count on us as a vetted CMMC compliance service provider.

  • A dedicated team of security professionals is available to you throughout the compliance process.

  • Strategic partnerships and alliances with product vendors to provide turnkey and cost-effective solutions to meet CMMC compliance.

  • Multiple services and price models that are easily customized to meet your organization's unique needs.

  • Experience in helping hundreds of Federal contractors throughout the U.S. navigate the complexities of DFARS, NIST 800-171, and even CMMC.

Contact our Compliance Experts

Our approach to FAR Compliance


Gap Assessment
  • Establishing existing cybersecurity maturity
  • Assess and align cybersecurity posture with new FAR rules and agency-specific regulations.


  • Documentation and technical remediation
  • Implement Controls


Ongoing Monitoring
  • Ongoing guidance
  • Security Awareness Training to Employees
  • Reporting
NIST 800-171 SSP,
Level 1 Advisory and consulting
Level 2 Advisory, Consulting, and MSSP

Don't wait: Get Started Today and Stay Ahead of the Curve.

Don't wait for the new regulations to come into effect. Contact our cybersecurity specialists now and start preparing your business for the future. Let us help you safeguard your organization's data, maintain compliance with government standards, and protect your interests in a rapidly evolving cyber landscape.

Case Studies

Here's how we've helped businesses overcome challenges and achieve their goals.

Unleashing cybersecurity success: How InterSec helps a manufacturing company meet CMMC requirements with ease

A Virginia-based manufacturing company was facing challenges in meeting the Cybersecurity Maturity Model Certification (CMMC) Level 2 requirements set forth by the Department of Defense. The company had limited IT resources and was hesitant about using cloud services.
The company was struggling to meet the CMMC requirements due to its limited IT resources, lack of dedicated IT staff, and use of outdated technology. Additionally, the company was cautious about using cloud services to store sensitive information.
InterSec was referred to the company to help them achieve CMMC compliance. InterSec engaged the company's executive management, educated the company's staff, and defined roles and responsibilities for information security. InterSec then utilized its NIST 800-171/CMMC field-tested readiness methodology to ensure a successful CMMC compliance milestone.
Controlled Unclassified Information (CUI) scoping
Gap analysis
A current state analysis of the client's organization security
Development of a remediation plan
Policies and procedures development
Technical remediation services, including asset management, multi-factor authentication, vulnerability scanning, email encryption, drive encryption, and virtual private network
InterSec was able to quickly remediate and improve the company's security posture, resulting in an SPRS score of 110. The client subsequently requested our Managed Security Service Provider (MSSP) services to maintain CMMC compliance.
InterSec's well-defined methodology, streamlined project execution, and expertise made the project a success, helping the company achieve the CMMC requirements and secure its systems. The company can now continue serving the defense industry while minimizing potential security risks.

Accelerating CMMC compliance: A Virginia-based acquisition support contractor's success story with InterSec

A Virginia-based Acquisition Support contractor with 200+ employees was facing challenges in meeting the Cybersecurity Maturity Model Certification (CMMC) Level 2 requirements set forth by the Department of Defense. With two office locations and a recent acquisition of a small manufacturing company, the contractor needed to comply with a defense contract and improve their SPRS score to 110.
The contractor faced the complex task of integrating the acquired company's employees into its existing systems. Those employees were not on the parent company's Active Directory, which made it harder to enforce CMMC policies and procedures.
InterSec came to the rescue with its innovative approach to CMMC compliance, leveraging its CMMC accelerators and field-tested NIST 800-171/CMMC methodology to assess the current state and develop a remediation plan. The plan was executed by creating policies, procedures, supplement documents, and providing technical remediation services.
InterSec brought a rigorous CMMI Services Level 3 mature service delivery process and ISO 9001 quality management to CMMC services, conducted an assessment, developed a remediation plan, implemented policies/procedures, provided technical remediation services, integrated the acquired company, prepared documentation, and executed the project using their NIST 800-171/CMMC field-tested readiness methodology, resulting in a successful outcome for the customer.
The contractor's SPRS score improved to 110, the acquisition was seamlessly integrated into the parent company's systems, and all required documentation was uploaded into the SPRS system ahead of the deadline, meeting the customer's CMMC compliance requirements.
InterSec's innovative approach and experienced team helped the contractor achieve CMMC compliance and secure their systems, ensuring their ability to serve the defense industry while minimizing security risks. The well-defined methodology and field-tested approach to execution made the project a resounding success.

Our Clients

We have served many Federal agencies, Contractors, and large enterprises with their compliance needs.


Here is what some of our customers say about our Cybersecurity Services

InterSec has provided us with many cybersecurity services that include CMMC compliance and Penetration Testing. We see them as a partner for the long run.

P. Dharia

CTO / Navitas Business Consulting

Their Pentest reports are very polished, well-organized, and to the point. It helped us prioritize our resources to address the findings. We would highly recommend InterSec.


Partner / SamBuq

InterSec has been providing MSSP services to us. They are very responsive and able to provide us support whenever we need. They went beyond the scope and helped us.

W. Dawkins

Vice President / Arrikai, LLC

InterSec provided top-notch services for a comprehensive security assessment. With their help, we are implementing a high security standard to secure our mission.


Director of Security / A Maryland State Agency

Frequently Asked Questions

Here are some frequently asked questions about the new FAR rule in development.

What is the new FAR rule, and how does it impact civilian contractors?

The new Federal Acquisition Regulation (FAR) rule, currently in development, aims to impose more stringent cybersecurity requirements on civilian contractors handling Controlled Unclassified Information (CUI), similar to the DoD's Cybersecurity Maturity Model Certification (CMMC). The rule will expand the current 15 basic cybersecurity requirements to 110 controls under NIST SP 800-171, ensuring a higher level of protection against cyber threats.

How do I know if my organization will need to comply with the new FAR rule?

If your organization is a civilian contractor working with the federal government and handles Controlled Unclassified Information, you will likely need to comply with the new FAR rule once it is implemented. It's important to stay informed of any developments and be prepared to adjust your cybersecurity practices accordingly.

What is the difference between the new FAR rule and CMMC?

While the new FAR rule and CMMC share similarities, such as the implementation of 110 controls under NIST SP 800-171, they differ in scope and application. CMMC is specifically for DoD contractors, whereas the new FAR rule applies to civilian contractors working with civilian agencies.

Will the new FAR rule require third-party assessments like CMMC?

It is not yet clear if the new FAR rule will require third-party assessments, like CMMC, or if self-attestation will be permitted. Keep an eye on updates regarding the rulemaking process to understand how assessment requirements may evolve.

How can my organization prepare for the new FAR rule?

Begin by evaluating your current cybersecurity posture, identify any gaps or areas for improvement, and develop a plan to address those issues. Consider working with cybersecurity experts to guide you through the process and ensure your organization meets the requirements.

How long does it take to achieve compliance with the new FAR rule?

The time it takes to achieve compliance will vary depending on your organization's current cybersecurity posture and the complexity of the requirements. Working with a knowledgeable cybersecurity partner can help streamline the process and ensure a timely path to compliance.

Will my organization need to maintain compliance with the new FAR rule even after the initial implementation?

Yes, maintaining compliance with the new FAR rule will be an ongoing process as cybersecurity threats and requirements continue to evolve. Regular monitoring, updates, and employee training will be essential in keeping your organization compliant and secure.

About InterSec

InterSec Inc., a Virginia corporation founded in 2013, is a one-stop cybersecurity service provider to small and medium-sized businesses.

As one of the boutique cybersecurity providers, InterSec employs continuous cyber innovation, sophisticated tradecraft, and top talent to deliver results.

Our diverse clients span Commercial, State, and Federal agencies. Our deep cyber and industry expertise is earned through hands-on experience, from Cybersecurity Program setup to Operational Security.

Our cyber security services meet mission-critical objectives in a secure and compliant manner.

We bring CMMI Level 3 and ISO 9001 mature and quality processes to CMMC service delivery. Our CMMC accelerators and white-glove services are field-tested, helping you become CMMC compliant on time and on budget.

Our deep engagement with the DoD, CMMC-AB, nationwide PTACs, MEPs, industry groups, partners, and vendors uniquely positions us to know “what right looks like” to be CMMC Level compliant for DIBs as well as Federal Contractors in general.

Our bespoke solutions and services save your company valuable time, resources, and money in achieving CMMC compliance.

If you want to know more about FAR compliance, fill in this form and our experts will reach out to you.
