The National Institute of Standards and Technology SP 800-171 is a set of standards that define how to protect and distribute material that is sensitive but not classified. The Special Publication is a mandate for contractors serving local and federal governments and the deadline for compliance with DFARS and SP 800-171 was December 31, 2017. It lists over 100 security requirements within 14 control categories that must be adhered to. This is the first security mandate that many of the sub-contractors it affects have had to deal with.
DFARS/SP 800-171 is pertinent to both prime and sub-contractors who have defense contracts or are hoping to win new defense contracts. If the contract contains an applicable regulation, a contractor agrees that they are compliant with SP 800-171 when they sign it. Complying with SP 800-171/DFARS is an ongoing process and not a one-time thing.
Contractors that have not yet implemented all of the controls need to have a written explanation of how each specific control they do not meet is not applicable to them or an alternative control that is being used to achieve the same results. All 110 controls must be implemented or you must have a written plan in place to implement the controls in a timely fashion.
Contact us to learn more about getting a NIST 800-171/DFARS Compliance assessment completed to see where you stand.