The deadline for NIST 800-171 compliance for defense contractors is “as soon as possible, but no later than Dec. 31, 2017.”
If your organization hasn’t already started on a roadmap to NIST compliance, further delays will impact your ability to think carefully about what you need and how to do it. Missing the deadline could mean losing your contracts.
Every organization is different, so step by step instructions to achieve DFARS compliance is seldom one size fits all, but a common starting point is understanding where CUI is stored, processed, and transmitted. It’s important you understand the requirements for documentation as well as the plan for incident response. A good place to start is reviewing your existing contracts. They may contain FAR 52.204-21 which can provide a very basic set of requirements.
Don’t risk your contracts! Contact Stronger to schedule a NIST gap assessment. Our trained professionals are DoD experts and are brutally honest about which controls need to be implemented, identifying those that may be partially implemented and controls that are not being done. We can provide you rapid response and expert insights on how to apply NIST 800-171 in a way that is effective for your organization’s risk profile. Then, once your gap assessment is complete, your organization will be ready to start closing those gaps and we can help you every step of the way. Don’t delay, NIST requirements can be complex and costly to implement especially on a large scale the longer you wait. Call Stronger today.
In short, there are 14 sections broken down into 110 required controls. The sections cover risk management and computer security principles that should be familiar to anyone working in information technology:
Stronger can offer help in 5 focus areas of services that will benefit both large and small contractors, and give smaller organizations the ability to understand the regulations and comply.
ENIST Executive Briefing/Training Seminars Understanding what the requirements are and what planning/best practices should be in place to comply.
Technical Training How to execute the plan. Performing a Gap Assessment and making the necessary changes needed for compliance.
Application Security Training All programmers and engineers who are involved with applications, coding, and websites need to understand the OWASP Top 10 and how the fundamentals of application development are integral to a complete security strategy and part of NIST 800-171 (3.13.2).
Security Awareness Training Security Awareness Training specifically focused on the NIST 800-171 training requirement but can be expanded by the organization as a platform to include other Security, Privacy and Compliance areas. This modular training is designed for all end-users and is a key element of a comprehensive security program that is required under NIST.
NIST-Ready Consulting FastTrack Specialized consultancy designed to help organizations achieve full compliance in a compressed time period tailored to the unique needs of your organization. Deep focus on helping your teams understand and comply with the NIST 800-171 regulations as they relate to your unique business. From policy writing and incident response plans to in-depth security upgrades and overhauls, Stronger is the perfect solution for any organization facing the headache and complexity of complying with the new NIST 800-171 requirements.