CMMCDocs.comHome / Glossary / Flow-Down Clause
Flow-Down Clause
Also known as: Flowdown · Subcontractor flow-down
A contract requirement that obligates a prime contractor to pass certain clauses (like DFARS 252.204-7012 and CMMC) down to subcontractors handling the same data.
A flow-down clause is a contract requirement that obligates the prime contractor to pass certain contract terms — particularly cybersecurity and compliance requirements — down to its subcontractors when those subcontractors will handle the same regulated information.
DFARS 252.204-7012 and the CMMC requirements at DFARS 252.204-7021 are flow-down clauses. If a prime contractor handling CUI awards a subcontract to a smaller firm and CUI flows to that subcontractor, the prime is required to flow down the same NIST SP 800-171 implementation and CMMC certification requirements. The subcontractor is then independently obligated to comply.
Flow-down is the primary reason CMMC requirements are reaching small defense contractors. A 50-person machine shop that has never directly held a DoD contract may suddenly be subject to CMMC Level 2 because a prime is preparing to flow the requirement down on the next subcontract.
Stop Googling. Start working.
CMMCDocs has all 110 NIST SP 800-171 Rev 2 requirements built in — with the language, the templates, and the evidence vault you need. Spin up a free demo workspace and click around the way an assessor would.
Get my demo account