In December 2015 (2 years ago), DFARS 225.204-7012 required DoD contractors to implement NIST 800-171 “as soon as practical, but not later than December 31, 2017. That is this month! This deadline is now less than 30 days away, and many contractors are not complaint. What is worse, is that many have not taken steps to begin to comply, putting their business at risk.
There is a lot of debate over what is and what is not Controlled Unclassified Information (CUI), and many small businesses think they do not have to comply because they are subcontractors, or they think they don’t hold any CUI. However, the problem is that the big, multi-billion dollar DoD prime contractors (you know who they are) are not taking ANY chances with NIST 800-171 at all. If you are a government contractor and you fall anywhere within the DoD supply chain, you need to comply with NIST 800-171.
For more information on compliance and what you can do from a technology perspective, please contact us at OptfinITy.