National Institute of Standards and Technology's (NIST) Special Publication (SP) 800-171 outlines cybersecurity-related requirements government contractors. The U.S. Department of Defense (DOD) published a three-page interim rule to the Defense Federal Acquisition Regulation Supplement (DFARS).
These requirements protect the confidentiality of Controlled Unclassified Information (CUI) in non-federal systems and organizations. If you are a government contractor, failure to meet these requirements will result in the loss of your contracts.
The federal government is placing an ever-increasing emphasis on addressing cybersecurity threats. Any organization doing business with the federal government should expect these types of requirements to continue to evolve and intensify.
Download Solution Brief
As of January 1, 2018, government contractors are expected to have implemented the requirements of NIST 800-171.
If an audit determines a failure to meet the requirements of NIST 800-171, consequences may include criminal, civil,
administrative, or contract penalties – including termination of contracts.
Take our NIST 800-171 compliance quiz to better understand if you’re compliant.
NIST has 14 sections broken down into 110 required controls. Organizations can implement a variety of potential security solutions, either directly or through the use of managed services, to satisfy the requirements.