What is NIST 800-171 and DFARS 252.204-7012?

Unraveling the compliance requirements of NIST 800-171 and DFARS 252.2047012 can be complex. The consequences of not complying, however, can be serious: breach of contracts, liquidated damages and termination of contracts are all real possibilities, now that the deadline for compliance (December 31, 2017) has officially passed.

DFARS 252.204-7012 was structured to ensure that unclassified DoD information residing on a contractor’s internal information system is safeguarded from cyber incidents, and that any consequences associated with the loss of this information are assessed and minimized via the cyber incident reporting and damage assessment processes. For most contractors, your obligations align with NIST 800-171, a set of 14 families of requirements that then break out to 110 individual requirements.

So where do you start?

C3 can help. As one of the few Microsoft partners currently authorized to resell GCC High (which meets both NIST 800-171 and the more stringent DFARS 252.204-7012 requirements) for contractors with less that need less than 500 licenses, C3 can help guide you through the options available to meet compliance. In addition, our relationship with Microsoft gives us insight in how to translate the details of the Microsoft Trust Center and which products will meet your needs.

For more details, take a look at C3’s recent blog post on NIST 800-171 and DFARS 252.204-7012

For more information about how you can become compliant with NIST 800-171 and DFARS 7012, contact us at info@c3isit.com.

Contact us at 571-384-7950 or info@c3isit.com to put the power of the cloud to work for your business.