NIST SP 800-171 Implementation for the SMB
Many small defense contractors are in a state of panic over DFARS 252.204-7012 and NIST SP 800-171. They are required to be in compliance with these requirements, but getting there seems impossible. The requirements might appear to have been designed for companies that have teams of IT personnel and a fat bank account. A small company with a tiny IT department can easily look at these requirements and totally freak out.
​
Implementing this at a small company requires some creative solutions, and even then it will take many hours and some financial investment. Few companies, large or small, will be able to achieve conformance to the requirements without some pain. The Department of Defense is setting this standard as a new bar that must be met in order for many companies to receive new awards. So each company must decide whether the pain of implementation is worth it.
​
Consider also that the investment made to implement NIST SP 800-171 will actually improve the security of your company's systems. As these things are done, the company will become better protected against ransomware, theft of trade secrets and other forms of cyber-crime. So, the investments are not going down the toilet. Many knowledgeable IT people will recognize most of the implementation steps as things that they always wished they could get the time or money to implement for the security of the company.
​
While implementation won't be easy, it is essential for ongoing Department of Defense business and has the added benefit of reducing the likelihood of a disastrous cyber incident. We have tools available to ease the process. Check out the implementation guide written specifically for the smaller business.
