DFARS clauses reference NIST 800-171, inheriting controls from NIST 800-53.
- DFARS outlines contractual obligations for Department of Defense contractors handling Controlled Unclassified Information (CUI). It specifies the need to implement security requirements defined in NIST 800-171.
- NIST 800-171 provides a set of security controls for protecting CUI in nonfederal systems and organizations. These controls are directly derived and adapted from the broader security controls in NIST 800-53.
- NIST 800-53 is a general publication detailing security and privacy controls for information systems and organizations. It is a foundation for other cybersecurity frameworks, including NIST 800-171.
Therefore, to achieve compliance with DFARS requirements, you'd typically map the controls outlined in NIST 800-171 to your organization's security practices. NIST 800-171 controls directly reference the corresponding controls in NIST 800-53, making mapping easier.
CyberSaint can help you map the Defense Federal Acquisition Regulation Supplement (DFARS) framework to the NIST framework.
Return to NIST Glossary