
DFARS, NIST Cybersecurity Framework

What to Do if You Missed the DFARS NIST SP 800-171 Deadline


Defense Federal Acquisition Regulation Supplement (DFARS) 252.204-7012 requires defense contractors to protect the security of Controlled Unclassified Information (CUI). The issue now for these businesses is that the technical deadline for compliance with NIST 800-171 was December 31, 2017. So what's a contractor, subcontractor or supplier to do to secure its contracts?

What is 'DFARS'?

NIST 800-171 defines the security requirements for protecting CUI in nonfederal information systems. The DFARS 800-171 document details the needed security measures for each of 110 security requirements that defense contractors, subcontractors, and suppliers must adopt. Meeting the DFARS regulation helps nonfederal contractors and their supply chains comply with the security requirements laid out in NIST Special Publication 800-171. Organizations in the defense supply chain are already sending out press releases about their successful compliance and putting DFARS compliance emblems on their websites to show due care and a competitive edge.

The publication is tailored to nonfederal systems, so that these organizations know how to transmit, store and process the CUI that the Department of Defense doesn't want compromised.

What Counts as 'DFARS Compliant'?

Subsequent guidance from the DoD shows that they understand that some smaller companies are having a hard time with this massive project. Thus, they're allowing these companies to have a POAM (Plan of Action and Mitigations) and SSP (System Security Plan) and show improvement to be 'conformant' for 2018. To demonstrate compliance with NIST SP 800-171, defense contractors must have these two compliance documents ready for submission with every new and existing contract.

What Are the Consequences for Avoiding NIST 800-171?

If your company is not already in compliance with DFARS 800-171, keep in mind the consequences that can sneak up on you fairly quickly. You will likely be restricted from contracting with the government in the near future unless you ensure compliance or efforts towards compliance with NIST 800-171. Also, because these provisions flow down to subcontractors and the supply chain, you'll likely get calls from your customers asking if you and your suppliers or vendors are in compliance with NIST 800-171. Failure to show proof of these compliance documents and progress towards compliance could result in your company losing contracts to competitors or others who are ensuring DFARS compliance.

What is the Fastest Solution to DFARS Compliance?

So what is the fastest method to proving DFARS compliance to your customers this year and moving forward? CyberStrong can export these documents in hours and is the platform within which you'll prove continuous compliance to all your contracts in-house with guaranteed acceptance. Contact us at CyberSaint for free guidance on what your options are and to get more information.
