NIST 800-171 Compliance

Multi-Year Compliance Guaranteed!

By using our Compliance As a Service for NIST 171, you will know up to the minute on where your business is. Varpath will take the guesswork out of audit time. Even better, you’ll know ahead of time. We will get you on track for compliance with the Federal Acquisition Regulation (FAR) and Defense Federal Acquisition Regulation Supplement (DFARS).

FAR is a set of regulations that governs all acquisitions and contracting procedures associated with the U.S. government. DFARS accompanies FAR as an addition. The Department of Defense (DoD) is the administrative body behind DFARS, but DFARS requirements extend to more than that organization.

NIST SP 800-171 provides recommended requirements for protecting the confidentiality of controlled unclassified information (CUI).  Note, this is not classified information, this is unclassified. But there is still a standard for protecting it that you MUST abide by in order to keep your certification. Defense contractors MUST implement the recommended requirements contained in NIST SP 800-171. This is absolutely necessary if a manufacturer is part of a DoD, General Services Administration (GSA), NASA or other federal or state agencies’ supply chain.

Where to start?

You may be wondering about where to start with NIST SP 800-171. The first thing you should consider is that being DFARS compliant likely involves working with a cybersecurity consultant. How are you going to pay for this service? Will it be a one time payment that you’ll need to renew the next time you need compliance? Or will you pay for a service that keeps your compliance up to date? There are benefits and costs to both approaches.

Obviously one time compliance will be the cheaper route to start with. However compliance as a service can be budgeted and is more likely the better choice if your compliance needs are not going to go away. If you only needed to get compliance under wraps for a single customer or solution, you are lucky. Once most companies start down a compliance track, it is usually more affordable to stay compliant going forward.

What’s the plan?

Manufacturers retaining their DoD, GSA, NASA and other federal and state agency contracts must have a plan that meets the requirements of NIST SP 800-171. DFARS cybersecurity clause 252,204-7012 went into effect on Dec. 31, 2017, and deals with processing, storing or transmitting CUI that exists on non-federal systems — such as those used by a government contractor.

One of the first steps manufacturers should take is to identify where gaps exist that prevent them from being compliant with DFARS. From that point, they can determine how to proceed.

Once you know where to start…

The requirements for NIST 800-171 are not as bad as you might think. They are well regimented and allow for a smart organization to move quickly.

Get started today! Contact our experts now!