DFARS Cybersecurity Requirements: NIST 800-171 Compliance for Government Contractors

calendar iconSeptember 18, 2019

Recent Defense Federal Acquisition Regulation Supplement (“DFARS”) clause updates mandate that many Department of Defense (“DoD”) government contractors comply with the National Institute of Standards and Technology (“NIST”) Special Publication (“SP”) 800-171 standards. NIST SP 800-171 is a set of 110 security requirements that has a goal of improving the protection of Controlled Unclassified Information (“CUI”) and/or Covered Defense Information (“CDI”) between the Federal government and contractors. These requirements are referenced and added to DoD contracts using the DFARS 252.204-7012 regulation.

While the original deadline was December 31, 2017, this requirement is still valid today as a result of new Request for Proposals and/or modifications to existing contracts. In addition, NIST 800-171 Revision 2 is currently in review and will add additional control requirements.

Neal Beggan, Principal in Cherry Bekaert’s Risk Assessment Services Practice joins Susan Moser for a discussion on the NIST 800-171 requirement, who it applies to and when companies need to be in compliance.

To assist government contractors with compliance, Cherry Bekaert’s IT Audit & Consulting Service group provides GAP assessment and analysis, documentation and remediation services. We have the expertise and experience to guide you forward and are happy to start a conversation with you. Contact Neal Beggan to get started!

Related Podcasts
Adequate Accounting Systems Requirements for Government Contractors
Has Your Government Contractor Business Outgrown Your Accounting System?
VOSB and SDVOB Changes that Government Contractors Need to Know