The U.S. Department of Defense (DoD) identifies cybersecurity as critical to the way the entire nation functions. Protection of America’s cyber infrastructure is so critical that as of December 31, 2017, federal defense contractors which process, store or transmit Controlled Unclassified Information (CUI) must meet the Defense Federal Acquisition Regulation Supplement (DFARS) minimum security standards. The Mississippi Defense Initiative conducted a cybersecurity labor study in 2019 to better understand the state of Mississippi’s supply and demand of cybersecurity professionals.
This link points to the actual Defense Federal Acquisition Regulation Supplement clause 252.204-7012. Those using this link would want a concrete understanding of what the clause actually says.
In DFARS 252.204-7012, NIST Special Publication 800-171 is highlighted as the set of security requirements necessary to achieve “adequate security” for systems that will interact with covered defense information (CDI).
NIST Special Publication 800-171A provides guidelines for how a cyber security assessment for NIST 800-171 should be conducted. It can be used to identify the types of questions and the level of rigor that can be used for an assessment.
The NIST Handbook 162 is a guide that provides information needed to understand NIST Special Publication 800-171 in less technical language. It gives explanations about how controls from each of the 14 families outlined in NIST 800-171 can be addressed and the types of questions to ask during an assessment.
This video provides an overview of the requirements for defense contractors outlined in NIST Special Publication 800-171. It describes the NIST Manufacturing Extension Partnership (MEP) three step process for compliance and helps attendees to gain a better understanding of the NIST 800-171 and NIST Handbook 162 publications.
The NIST Small Business Cybersecurity Corner aims to provide companies with cybersecurity guidance, solutions, and training that is practical actionable, and enables them to cost-effectively address and manage their cybersecurity risks.