- Cyber Security Services
- Compliance Services
- IT Risk and Audit Services
- Contact Us
Contractors and subcontractors that work on Federal contracts for the Department of Defense (DoD) must demonstrate their ability to maintain the security and privacy of Controlled Unclassified Information (CUI). To demonstrate compliance, the Department of Defense has required these individuals and organizations to comply with the requirements outlined in the Defense Federal Acquisition Regulation Supplement (DFARS).
DFARS specifies the requirements, related to Controlled Unclassified Information, that any contractor or subcontract that works on a DoD contract must adhere to relative to their information systems. As a part of this requirement, the the prescribed requirements for an organization to assess against comes from NIST SP 800-171 - "Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations."
According to NIST SP 800-171, there are 14 control families and associated controls that must be implemented and documented. Those 14 control families include:
NIST SP 800-171 Risk Assessment - Assess your current level of compliance with NIST SP 800-171 and identify and prioritize the key work areas that your organization must address to achieve and/or maintain compliance with the regulation.
As Information Security and the protection of Controlled Unclassified Information continues to be of concern, choosing the right partner to assess your organization's internal controls can mean the difference between being awarded a DoD contract or missing out. Contact us today to learn more about how we can assist your organization with DFARS Compliance through NIST SP 800-171.