NIST states: “All Department of Defense (DoD) contractors that process, store or transmit Controlled Unclassified Information (CUI) must meet the Defense Federal Acquisition Regulation Supplement (DFARS) minimum security standards by December 31, 2017 or risk losing their DoD contracts”. The DoD CIO has mandated that all companies and their subcontractors doing business with the Department of Defense must comply with DFARS 252.204-7012 and NIST SP 800-171.

More recently, as of November 30, 2020, certain DoD prime contractors and subcontractors must complete a cybersecurity self-assessment before receiving new DoD contracts and before new options are exercised under existing DoD contracts. Starting Nov. 30, the Pentagon requires government contractors to submit a self-assessment of their compliance with the 110 controls in NIST Special Publication 800-171, establishing a new cyber regime for Defense Department contractors that will have a wide-ranging impact on the DoD supply chain.
There are 110 controls across 14 areas of NIST SP 800-171 that DoD contractors must implement.

A contractor that fails to comply may face:

- Termination for Default
- Breach of Contract
- Liquidated Damages
- False Claims Act

To help monitor risk, we check the following forward-looking metrics.
Questions to Ask:
1. How can government contractors accurately and cost-effectively assess their cybersecurity compliance with NIST SP 800-171?
2. What actions do U.S. government contracting officers plan to take if government contractors fail to comply with the DFARS 252.204-7012 (NIST SP 800‑171 compliance requirement) after the Dec. 31, 2017, deadline?
3. How should government contractors pay for this additional cybersecurity compliance expense?
4. Do I have to purchase cybersecurity liability insurance?
5. Will prime government contractors be held contractually responsible and financially liable for cyber-related damages caused by their subcontractors and/or third-party partners’ failure to comply with NIST SP 800-171?
6. How can government contractors staff and retain high-quality cybersecurity talent to meet the increasing number of government information security compliance standards when considering the highly competitive marketplace and global shortage of cybersecurity professionals today?
Our mission is to empower companies to successfully manage global cybersecurity risks, vulnerabilities, and compliance requirements.
RB Advisory LLC is a cybersecurity advisory firm headquartered in Winter Park, Florida. Our business model is designed to help ALL companies, public and private, with IT security and compliance issues. The services we provide are custom designed for each company, to secure networks, IoT, social media, and cloud platforms in all industries.