Tag Archives: NIST SP 800-171

Small Defense Contractors – Are You Ready For NIST SP 800-171?

The Network Penetration Reporting and Contracting for Cloud Services Rule was the subject of two interim rules published Aug. 26, 2015 (80 FR 51739) and Dec. 30, 2015 (80 FR 81472), before being published as a final rule Oct. 21, 2016 (81 FR 72986), and clarified by DoD through answers to Frequently Asked Questions (FAQs), published Jan. 27, 2017.

The Rule requires that contractors “implement NIST SP 800-171, as soon as practical, but … Read More

Will the New DoD Cybersecurity Regulations Cause a New Wave of Protest Disputes?

The new DoD cybersecurity regulations require contractors to implement the security requirements specified by the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171, “Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations,” not later than Dec. 31, 2017. DFARS, 252.204-7008(c)(1).

However, a contractor may propose to vary from the NIST SP 800-171 requirements under two circumstances. Under DFARS 252.204-7008(c)(2), a contractor may propose to vary from the security requirements specified by NIST SP 800-171 through a … Read More

LexBlog