The fact that defense contractors are required to comply with NIST SP 800-171 no later than December 31, 2017 is not new, however, many small defense contractors are worried about their ability to comply. For all contracts that are awarded prior to October 1, 2017, the Contractor must notify the Department of Defense Chief Information Officer of what NIST SP 800-171 security requirements are not implemented at that time.
The recommendation is that small subcontractors should adopt new policies and procedures to comply with this rule, and begin implementing NIST SP 800-171.
Those small subcontractors who comply with the 2013 Safeguarding of Unclassified Controlled Technical Information DFARS clause with NIST SP 800-53 controls should make policy and process changes or adjust the configuration of existing IT within their organization. This way, aside from the 3.5.3. multi-factor authentication requirement, the company would not need to add any new hardware.
CyberSaint is hosting a webinar July 25, 2017 that goes through “Three Steps to DFARS Success”. This informational opportunity is an effort for contractors understand where they need to start once they decide to start their DFARS compliance journeys.
Register on our website as spots are limited!
Read the source article here.