Loren Data's SAM Daily™

 fbodaily.com
Home Today's SAM Search Archives Numbered Notes CBD Archives Subscribe
SAMDAILY.US - ISSUE OF DECEMBER 21, 2025 SAM #8791
SPECIAL NOTICE

99 -- Portland District USACE � Notice to Industry: Anticipated Requirement for CMMC Level 2 (Self-Assessment) on Future Contract Actions

Notice Date
12/19/2025 12:28:29 PM
 
Notice Type
Special Notice
 
Contracting Office
W071 ENDIST PORTLAND PORTLAND OR 97204-3495 USA
 
ZIP Code
97204-3495
 
Archive Date
04/15/2026
 
Description
The Portland District, U.S. Army Corps of Engineers (USACE), provides this Notice to Industry to inform current and prospective contractors that most future contract actions issued by the District are expected to require Cybersecurity Maturity Model Certification (CMMC) 2.0 Level 2 (Self-Assessment). This notice is informational only and does not constitute a solicitation, request for proposal, or request for quote. In alignment with Department of Defense implementation of CMMC 2.0, contracting officers are required to include applicable CMMC levels in solicitations and to verify that an offeror�s current CMMC status (self-assessment or certification, as required) is recorded in the Supplier Performance Risk System (SPRS) as a condition of award. For most Portland District requirements, offerors will be expected to have completed a CMMC Level 2 self-assessment in accordance with NIST SP 800?171 requirements, scored using the CMMC Level 2 assessment methodology, and entered their score and affirmation in SPRS prior to award. The following provisions and clauses may be included in forthcoming solicitations and are available here: https://www.acquisition.gov/ Defense Federal Acquisition Regulations Supplement (DFARS) provisions 252.204-7008, Compliance with Safeguarding Covered Defense Information Controls, 252.204-7019, Notice of NIST SP 800-171 DoD Assessment Requirements, and 252.204-7025, Notice of Cybersecurity Maturity Model Certification Level Requirements may be included in most future solicitations. Federal Acquisition Regulation (FAR) clause 52.204-21 Basic Safeguarding of Covered Contractor Information Systems and DFARS clauses 252.204-7012, Safeguarding Covered Defense Information and Cyber Incident Reporting (Deviation 2024-O0013), 252.204-7020 NIST SP 800-171 DoD Assessment Requirements, and 252.204-7021 Contractor Compliance With the Cybersecurity Maturity Model Certification Level Requirements will likely be included in most upcoming solicitations. Contractors are strongly encouraged to review official CMMC resources and implementation guidance published by the Department of Defense and to begin or continue their compliance efforts as soon as practicable. Organizations that anticipate pursuing Portland District USACE work should ensure that their internal cybersecurity practices, documentation, and assessments are up to date in SPRS. This notice does not change any existing contracts and does not by itself impose new requirements; specific CMMC requirements, including the level and assessment type, will be identified in individual solicitations and contracts. Interested vendors should monitor SAM.gov and other official USACE communication channels for future solicitations that will identify the applicable CMMC requirements for each procurement.
 
Web Link
SAM.gov Permalink
(https://sam.gov/workspace/contract/opp/04ee1135089b4db7ba06e836501eeb3d/view)
 
Place of Performance
Address: Portland, OR 97204, USA
Zip Code: 97204
Country: USA
 
Record
SN07671185-F 20251221/251219230031 (samdaily.us)
 
Source
SAM.gov Link to This Notice
(may not be valid after Archive Date)
FSG Index  |  This Issue's Index  |  Today's SAM Daily Index Page |
ECGrid: EDI VAN Interconnect ECGridOS: EDI Web Services Interconnect API Government Data Publications CBDDisk Subscribers
 Privacy Policy  Jenny in Wanderland!  © 1994-2024, Loren Data Corp.