- Access Control
- Awareness and Training
- Audit and Accountability
- Configuration Management
- Identification and Authentication
- Incident Response
- Media Protection
- Personnel Security
- Physical Protection
- Risk Assessment
- Security Assessment
- System and Communications Protection
- System and Information Integrity
DFARS Changes Require Immediate Action
Department of Defense contractors are subject to requirements put forth in the Defense Federal Acquisition Regulation Supplement (DFARS). Updated in December, 2015, DFARS 225.204-7012 requires contractors to implement NIST Special Publication 800-171 standards as soon as possible, but no later than December, 2017, to protect covered defense information / controlled unclassified information. The new requirements specify that contractors must notify the Office of the DoD CIO within 30 days of an award of any SP800-171 requirements not being met by the contractor organization. SP800-171 is a derivative of SP800-53.
What are the requirements of Special Publication 800-171?
Special Publication 800-171 includes 109 controls split among 14 control families. These control families cover all critical aspects of information security:
Our staff are experts at assessing organizational compliance against the NIST frameworks, including SP800-171. We help DoD contractors document their existing environments, outline compliance gaps, and help build remediation plans. We have proprietary templates and toolkits designed specifically for DFARS compliance.