NIST SP 800-171 Compliance Implementation
The DoD has released new guidance for assessing contractor compliance with NIST SP 800-171. NIST SP 800-171 is a set of standards that define how to protect and distribute material that is sensitive but not classified. NIST SP 800-171 lists over 100 security requirements within 14 control categories.
What Does The Guidance Say
The first document is “Guidance for Assessing Compliance of and Enhancing Protections for a Contractor’s Internal Unclassified Information System." This document provides guidance to requiring activities on assessing the risks in a contractor's internal network, assessing offeror's implementation of security requirements, assessing implementation of NIST SP 800-171 and confirming contractor's self-verification of compliance.
The second document is "DoD Guidance for Reviewing System Security Plans and the NIST SP 800-171 Security Requirements Not Yet Implemented." This document provides guidance to help contractors assess the risks that security controls left unimplemented have on their systems and to help prioritize which unimplemented controls should be addressed first.
How It Affects Contractors
The new guidance released addresses that they will be making sure all contractors are implementing NIST SP 800-171 and DFARS requirements. Failure to comply with the requirements will likely result in the loss of contracts.
How Peerless Can Help
Our certified security team is experienced in NIST compliance and is qualified to assist you and your organization in becoming NIST SP 800-171 compliant. NIST SP 800-171 compliance often calls for significant internal network changes which may seem daunting to individuals whom are not familiar with the specific controls detailed in NIST SP 800-171 security documents. We provide to you the tools, knowledge, and expertise required to implement and maintain NIST compliance. Contact us today to learn more.
