Seven Star is striving to implement CMMC Level 2 by 2027

In the meantime, Seven Star Marine has implemented the following:

FAR 52.204-7012 – Seven Star Marine has a program implemented to comply with FAR 52.204-21 for all Federal Contract Information that is processed, stored or transmitted by Seven Star Marine Systems. 

DFARS 252.204-7012 - Seven Star Marine has a System Security Plan (SSP), Plan of Actions and Milestones (POA&M), is leveraging FedRAMP authorized cloud services for Covered Defense Information (CDI) and has a Cyber Incident Response Plan to comply with the DFARS 252.204-7012 clause. The program established includes several policies, plans, procedures and processes that enable Seven Star Marine to protect CDI on an ongoing basis. 

DFARS 252.204-7019 - Seven Star Marine has conducted a self-assessment using NIST SP800-171A and scored practices as implemented or not-implemented following the DoD NIST SP800-171 Assessment Methodology and entered our score into the Procurement Integrated Enterprise Environment (PIEE) Supplier Performance Risk System (SPRS).   Our last self-assessment was performed on 10/29/2025 with a score of -65.  We initially planned on having the POA&M corrected by 7/25/2026 then we will reevaluate the score.   

DFARS 252.204-7020 – Seven Star Marine will comply with a government led (DCMA DIBCAC) assessment under this clause when notified of an assessment

DFARS 252.204-7021 – Seven Star Marine does not have this clause in contracts today (to include purchase orders and terms and conditions).  Seven Star Marine will perform a self-assessment and upload a score into SPRS for a CMMC L2 Self-Assessment that will reflect the current status of the information system, have a score of at least an 88 (or higher) and will comply with the 32 CFR 170.21 and 32 CFR 170.24 requirements for controls permitted to be on the POA&M when negotiated as part of the contract. If an organization is requiring Seven Star Marine to comply with this clause, please provide the following information to assist with determining applicability.

• A Contract outlining the Contract Data Requirements List (CDRL) that Seven Star Marine is delivering under this agreement that states what information Seven Star Marine is developing on behalf of the contractor that will be delivered to the government and the appropriate markings of the material

  • A list of materials and the communications method that the material will be delivered to Seven Star Marine so we may negotiate the proper method of reception and storage.

    • E.g. Drawing files in PDF format via emails that is marked CUI//PROPIN

    • E.g. Specifications in word format delivered via DoD Safe that is marked CUI//SP-CTI

    • E.g. STEPP files on a USB drive delivered via USPS that is marked CUI//SP-NNPI

    • A source document that we may derive the sensitive information (CUI) category from such as a Program Protection Plan, Security Classification Guide, Statement of Work, Specifications from a Statement of Work or similar official government contract documentation.

• DFARS 252.204-7025 – Seven Star Marine will perform the appropriate Self-Assessment as communicated in the DFARS 252.204-7021 response.  If a C3PAO assessment is required for the contract, Seven Star Marine will negotiate the terms of the clause and financial terms to comply with the requirements to obtain a C3PAO assessment and to use internal labor to support the assessment.