1. Identifies practices, safeguards, restrictions, and accountability procedures to prevent the unnecessary transmission of controlled unclassified information (CUI) down the supply chain.
2. Verifies all National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171 (latest revision) security requirements are implemented and are documented within the System Security Plan (SSP).
3. Addresses controls in place to enforce flow down of DFARS 252.204-7012 and 252.204-7020 and Prime Contractor IMCP procedures to all applicable Subcontractors.
4. Addresses procedures for monitoring supply chain compliance with DFARS 252.204-7012 and DFARS 252.204-7020.
5. Addresses procedures for reporting a cyber-incident In Accordance With (IAW) DFARS 252.204-7012. Word search: procedures, methods, steps, cyber-incident, -7012
6. Ensures assessment results are documented in the Supplier Performance Risk System (SPRS) IAW DFARS 252.204-7020.
7. Acknowledges the requirement to provide access to its facilities, systems, and personnel to perform a Government on-site assessment IAW DFARS 252.204-7020.
8. Acknowledges the requirement to complete, submit, and flow down the Supplier Compliance Supplement (SCS) to Subcontractors handling CUI. 

Our template is also in compliance with DI-MGMT-82383

Document ID:      DI-MGMT-82383      
Title:     Information Management and Control Plan (IMCP) for Department Of Defense (DOD) Assessments
Scope:     This Data Item Description (DID) supports the Information Management and Control Plan (IMCP) related to Department of Defense (DoD) Assessments. The IMCP for DoD Assessments complies with DFARS 252.204-7012, 252.204-7019, 252.204-7020, and the 110 National Institute of Science and Technology (NIST) Special Publication (SP) 800-171 Rev.2 security requirements. This DID is separate and distinct from the IMCP for Cybersecurity Maturity Model Certification (CMMC) Assessments.