What You Need to Know About the NIST Regulations

In recent years, the Department of Defense, along with several other federal agencies, has grown increasingly concerned about the state of information security within the non-federal systems and organizations with which it does business. While many businesses fulfill contracts with the DoD without handling classified information, even unclassified documents can be sensitive enough to pose a risk to information security.

Responding to these concerns, the National Institute of Standards and Technology issued a series of regulatory guidelines designed to help businesses contracting with the federal government better protect this sensitive data. These protocols are known as NIST SP 800-171.

Businesses that intend to continue fulfilling DoD contracts—as well as those that hope to fulfill such contracts in the future—must meet these standards to qualify. Achieving NIST SP 800-171 compliance will also help businesses prepare for upcoming Cybersecurity Maturity Model Certification (CMMC) requirements.

If your business is in this position, we’ve assembled a list of FAQs to help you understand these regulations and what they mean for your business.

  • What are these regulations for defense contractors I’m hearing about?

  • What is NIST SP 800-171?

  • How does DFARS 252.204-7012 relate to NIST SP 800-171?

  • What is Controlled Unclassified Information (CUI)?

  • How will the federal government enforce and monitor these regulations?

  • How are these federal enforcement strategies related?

  • What DFARS clauses can I expect to find in my contracts?

  • If these went into effect on December 31, 2017, why am I only hearing about them now?

  • How do I show that I’m compliant?

  • What happens if I’m not compliant?

  • What kind of commitment is required to meet this standard?

  • What should my next steps be?

Make Your Next Move Toward NIST Compliance.

If your business intends to handle DoD contracts, it is essential that you begin taking the steps necessary to meet NIST SP 800-171 compliance standards as soon as possible.

Contact us through the form below to learn more about our compliance services. Or, if you would like to discuss NIST SP 800-171 regulations with your team, we suggest downloading a PDF version of our FAQ page.

Need to Print and Save For Later?

Just download and print this FAQ for your later needs.


Contact Us to Learn More

Have questions? We have answers.
