What to Do if You Missed the DFARS NIST SP 800-171 Deadline


Defense Acquisition Regulation Supplement (DFARS) 252.204-7012 requires defense contractors to protect the security of Controlled Unclassified Information (CUI). The issue now for these businesses is that the technical deadline for compliance with NIST 800-171 was December 31, 2017. So what's a contractor, subcontractor or supplier to do to secure its contracts?

What is 'DFARS'?

NIST 800-171 defines the security requirements for protecting CUI in nonfederal information systems. The DFARS 800-171 document details the needed security measures for each of 110 security requirements that defense contractors, subcontractors, and suppliers must adopt. Meeting the DFARS regulation helps nonfederal contractors and their supply chains to comply with the security requirements laid out in NIST Special Publication 800-171. Organizations in the defense supply chain are already sending out press releases about their successful compliance, and putting DFARS compliance emblems on their websites to show due care and competitive edge.

The publication is tailored to nonfederal systems, so that these organizations know how to transmit, store and process the CUI that the Department of Defense doesn't want compromised.

What Counts as 'DFARS Compliant'?

Subsequent guidance from the DoD shows that they understand that some smaller companies are having a hard time with this massive project. Thus, they're allowing these companies to have a POAM (Plan of Action and Mitigations) and SSP (System Security Plan) and show improvement to be 'conformant' for 2018. To demonstrate compliance with NIST SP 800-171, defense contractors must have these two compliance documents ready for submission with every new and existing contract.

What Are the Consequences for Avoiding NIST 800-171?

If your company is not already in compliance with DFARS 800-171, keep in mind the consequences that can sneak up on you fairly quickly. You will likely be restricted from contracting with the government in the near future unless you ensure compliance or efforts towards compliance with NIST 800-171. Also, because these provisions flow down to subcontractors and the supply chain, you'll likely get calls from your customers asking if you and your suppliers or vendors are in compliance with NIST 800-171. Failure to show proof of these compliance documents and progress towards compliance could result in your company losing contracts to competitors or others who are ensuring DFARS compliance.

What is the Fastest Solution to DFARS Compliance?

So what is the fastest method to proving DFARS compliance to your customers this year and moving forward? CyberStrong can export these documents in hours and is the platform within which you'll prove continuous compliance to all your contracts in-house with guaranteed acceptance. Contact us at CyberSaint for free guidance on what your options are and to get more information.
