DoD has issued two additional guidance memoranda in the last 60 days further solidifying the DoD intent to enforce compliance. Contractors should be actively be addressing NIST 800-171 compliance.
Compliance with DFARS 252.204-7012 & NIST 800-171; Expect 2019 to be the year of audit and enforcement
In 2019 Prime and Subcontractors can expect to be audited against actual implementation the DFARS 252.204-7012 & NIST 800-171 security requirements. For those taking a wait and see approach to the impact of your ability to do business with the DoD without implementing NIST 800-171; you just got your answer, 2019 will be a year of reckoning for non-compliant Prime and subcontractors. With the ability to request a contractor’s plan to track flow down of Covered Defense Information (CDI) and request the contractor’s plan to assess the compliance of their own suppliers, Prime contractors are expected to document and demonstrate enforcement of their own supply chain’s compliance. If you have delayed documenting your SSP, POA&Ms or actually implementing the NIST 800-171 requirements, CyberSheath can lead your efforts to achieve compliance by conducting a gap assessment of your compliance with NIST 800-171, writing the required System Security Plan (SSP) and leading your implementation efforts.
As a subcontractor on a Department of Defense contract, you have likely had flow down requirements from your primes related to DFARS clause 252.204-7012, commonly referred to as NIST 800-171. Learn more about these two requirements and achieve compliance before the December 2017 mandate.
Cybercriminals are constantly looking for ways into your system.
Companies are becoming increasingly enamored with the advantages offered by cloud computing. However, many mistakenly assume that once you upload your data, it’s up to the cloud service provider (CSP) to keep it all safe and sound.