Recent FAR and DFARS clause updates mandate that many government contractors comply with these IT security standards by December 31, 2017.
NIST SP 800-171 requirements are referenced and added to DoD contracts using the DFARS 252.204-7012 regulation. However, not just DoD contracts require compliance. If you provide services to the U.S. federal government, you must provide documentation and evidence as to how your organization is protecting information systems which contain government data – which includes your accounting and purchasing systems!
Don’t think you are safe just because you don’t have a DoD contract today – a universal FAR ruling will eventually replace the DFAR and expand the scope to ALL Federal agencies and contractors.
Please contact Sara Crabtree or Neal Beggan with questions or to schedule your consultation. The deadline to comply is rapidly approaching.