Home > Legal Updates > Insights So You Missed the December 31, 2017 NIST 800-171 Implementation Deadline?

Insights So You Missed the December 31, 2017 NIST 800-171 Implementation Deadline?

Defense Acquisition Regulation Supplement (“DFARS”) 252.204-7012 requires defense contractors to protect the security of Controlled Unclassified Information (“CUI”). NIST 800-171[1] defines the security requirements for protecting CUI in nonfederal information systems. NIST 800-171 details adequate cybersecurity measures for each of 110 security requirements that should be adopted by defense contractors and subcontractors. The NIST will help nonfederal entities, including contractors, to comply with the security requirements using the systems and practices they already have in place, rather than trying to use government specific approaches. It provides a standardized and uniform set of requirements for all CUI security needs, tailored to nonfederal systems, allowing nonfederal organizations to be in compliance with statutory and regulatory requirements, and to consistently implement safeguards for the protection of CUI.

Read More