Contractors and subcontractors that work on Federal contracts for the Department of Defense (DoD) must demonstrate their ability to maintain the security and privacy of Controlled Unclassified Information (CUI). To that end, the Department of Defense has required these individuals and organizations to comply with the requirements outlined in the Defense Federal Acquisition Regulation Supplement (DFARS).
DFARS specifies the requirements, related to controlled unclassified information, that any contractor or subcontractor working on a DoD contract must adhere to for their information systems. As part of this requirement, the prescribed requirements for an organization to assess against come from NIST SP 800-171, "Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations".
According to NIST SP 800-171, there are 14 control families and associated controls that must be implemented and documented. Those 14 control families include:
As information security and the protection of controlled unclassified information continue to be of concern, choosing the right partner to assess your organization's internal controls can mean the difference between being awarded a DoD contract or missing out. Contact us today to learn more about how we can assist your organization with DFARS compliance through NIST SP 800-171.
NIST SP 800-171 Webinar Recording