Meeting the Updated Joint Certification Program (JCP) Requirements (DD 2345)

January 6, 2025

Get a Competitive Advantage in the JCP by Achieving NIST 800-171 Compliance + Increasing your SPRS Score

The Joint Certification Program (JCP) is designed to allow US and Canadian contractors to apply for access to unclassified export controlled data belonging to either the U.S. Department of Defense (DoD) or Canadian Department of National Defence (DND). It provides streamlined access to unclassified, export-controlled military technical data critical to national defense. However, updates to the program have introduced a crucial requirement for JCP applicants: documenting a NIST 800-171 assessment and calculating a Supplier Performance Risk System (SPRS) score.

This guide explains the Joint Certification Program, details the NIST 800-171 requirement, and highlights how PreVeil can support defense contractors in navigating these changes efficiently.

What is the Joint Certification Program (JCP)?

Established in 1985, the Joint Certification Program (JCP) facilitates secure information sharing between the U.S. and Canada. JCP certification grants eligible companies access to unclassified, export-controlled technical data, such as:

Blueprints
Software
Operating instructions
Other critical technical information

This data is vital for national defense and ensures contractors are equipped to support military operations securely.

In order to obtain JCP Certification, businesses must:

Complete DD Form 2345: This form must be filled out to enable access to the JCP
Show proof of NIST 800-171 compliance: As of November 30th, 2020, JCP applicants must have their NIST 800-171 assessment documented in the SPRS. This requirement stems from the Defense Federal Acquisition Regulation Clause (DFARS) 252.204-7012, which mandates NIST 800-171 compliance for all DoD contractors and subcontractors.
System for Awared Management (SAM): Ensure SAM registration is updated and correct
Data handling: Review Introduction to Proper Handling Training(PDF)

What is NIST 800-171?

NIST Special Publication (SP) 800-171 provides a framework for protecting Controlled Unclassified Information (CUI). CUI encompasses sensitive government information that is not classified, but still requires safeguarding.

JCP Renewals and the NIST 800-171 Requirement

Many JCP certifications are approaching their five-year renewal period. Companies renewing their JCP certification for the first time since the NIST requirement came into effect will need to ensure their NIST assessment is documented in the SPRS. Failure to do so will result in a denial of their JCP application.

How PreVeil Simplifies JCP, NIST 800-17, and CMMC Compliance

PreVeil is a proven solution trusted by over 1500 defense contractors to help comply with JCP, NIST 800-171, and the Cybersecurity Maturity Model Certification (CMMC) framework. Here’s how PreVeil helps:

Comprehensive NIST 800-171 Support: PreVeil’s File Sharing and Email platform enables contractors to protect CUI with end-to-end encryption & supports 102 out of 110 NIST 800-171 controls.
Boost your SPRS score: PreVeil helped enabled Virginia Tech’s Applied Research Corp. to increase their SPRS score by 80 points.
Pre-filled Documentation: Save time with pre-filled documents that include all 110 NIST 800-171 controls, including SOPs, SSP, and more.
Futureproof Compliance: PreVeil is recognized by the DoD as being FedRAMP Moderate Baseline Equivalent and supporting DFARS 7012 (c-g) and using FIPS 140-2 validated encryption module to protect CUI. This enables defense contractors to meet CMMC and ITAR compliance with this same system.
Personalized Support: PreVeil provides 1×1 support through your entire compliance journey – from prep to assessment through our network of consultants and auditors.

Achieve NIST 800-171 Compliance Today

The new NIST 800-171 requirement for JCP applications doesn’t have to be a roadblock. PreVeil simplifies compliance, helping contractors save over 60% compared to GCC High while securing sensitive data effectively.

Take control of your JCP certification and ensure compliance with ease. Contact PreVeil today to learn how we can help.

Get a Free Consultation with our Compliance Experts

Author

Orlee Berlove, reviewed by Noël Vestal, PMP, CMMC RP

Noël Vestal is PreVeil's Compliance Officer and CMMC Certified Professional (CCP) with over 15 years in DoD IT program management. She implemented the NIST 800-171/CMMC Level 2 compliance program for an OSC member of the DIB. She has her M.S. in Information Technology and holds certifications from the CMMC Accreditation Body (CyberAB), Project Management Professional (PMP), and CompTIA’s Security + certification.

Orlee Berlove has been a marketing leader for over 25 years, and is currently the Senior Director of Marketing at PreVeil. She has her Masters of Engineering, Operations Research and her Bachelor of Arts from Cornell University.

Related Blog

See All Blog

January 8, 2025

Countdown to Compliance: Demystifying the CMMC Timeline

CMMC

January 2, 2025

PreVeil Drive in 2025: The Evolution of Flexible Enterprise Security

PreVeil News

December 17, 2024

What is a System Security Plan (SSP)?

CMMC