In December 2016, NIST released a new version of NIST SP 800-171, “Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations.” This cybersecurity standard is mandated for many U.S. Defense contractors under DFARS 252.204-7012. With many organizations working very hard on gaining compliance, this new revision of the standard comes as a surprise. Thankfully, the substantive changes are minimal.

This new revision outlines the contractors need for a system security plan, a document that describes how the various requirements are being met. Additionally, organizations need to document plans of action that describe how how and non-compliant requirements will be met. This documentation may be requested by federal representatives and become part of a contract award decision criteria.

More specifics will be discussed in later postings.

Go to http://nist-sp-800-171.com for more information and tools to address your implementation needs.