Defense Acquisition Regulation Supplement (DFARS) 252.204-7012 requires defense contractors to protect the security of Controlled Unclassified Information (CUI). The issue now for these businesses is that the technical deadline for compliance with NIST 800-171 was December 31, 2017. So what's a contractor, subcontractor or supplier to do to secure its contracts?
What is 'DFARS'?
NIST 800-171 defines the security requirements for protecting CUI in nonfederal information systems. The DFARS 800-171 document details the needed security measures for each of 110 security requirements that defense contractors, subcontractors, and suppliers must adopt. Meeting the DFARS regulation helps nonfederal contractors and their supply chains to comply with the security requirements laid out in NIST Special Publication 800-171. Organizations in the defense supply chain are already sending out press releases about their successful compliance and putting DFARS compliance emblems on their websites to show due care and a competitive edge.
The publication is tailored to nonfederal systems, so that these organizations know how to transmit, store and process the CUI that the Department of Defense doesn't want compromised.
What Counts as 'DFARS Compliant'?
Subsequent guidance from the DoD shows that it understands that some smaller companies are having a hard time with this massive project. Thus, it is allowing these companies to have a POAM (Plan of Action and Mitigations) and SSP (System Security Plan) and show improvement to be 'conformant' for 2018. To demonstrate compliance with NIST SP 800-171, defense contractors must have these two compliance documents ready for submission with every new and existing contract.
What Are the Consequences for Avoiding NIST 800-171?
If your company is not already in compliance with DFARS 800-171, keep in mind the consequences that can sneak up on you fairly quickly. You will likely be restricted from contracting with the government in the near future unless you ensure compliance or efforts towards compliance with NIST 800-171. Also, because these provisions flow down to subcontractors and the supply chain, you'll likely get calls from your customers asking if you and your suppliers or vendors are in compliance with NIST 800-171. Failure to show proof of these compliance documents and progress towards compliance could result in your company losing contracts to competitors or others who are ensuring DFARS compliance.
What is the Fastest Solution to DFARS Compliance?
So what is the fastest method to proving DFARS compliance to your customers this year and moving forward? CyberStrong can export these documents in hours and is the platform within which you'll prove continuous compliance to all your contracts in-house with guaranteed acceptance. Contact us at CyberSaint for free guidance on what your options are and to get more information.