What is NIST 800-171 and DFARS 252.204-7012?
Unraveling the compliance requirements of NIST 800-171 and DFARS 252.204-7012 can be complex. The consequences of not complying, however, can be serious: breach of contracts, liquidated damages and termination of contracts are all real possibilities, now that the deadline for compliance (December 31, 2017) has officially passed.
DFARS 252.204-7012 was structured to ensure that unclassified DoD information residing on a contractor’s internal information system is safeguarded from cyber incidents, and that any consequences associated with the loss of this information are assessed and minimized via the cyber incident reporting and damage assessment processes. For most contractors, your obligations align with NIST 800-171, a set of 14 families of requirements that then break out to 110 individual requirements.
So where do you start?
C3 can help. As one of the few Microsoft partners currently authorized to resell GCC High (which meets both NIST 800-171 and the more stringent DFARS 252.204-7012 requirements) for contractors that need fewer than 500 licenses, C3 can help guide you through the options available to meet compliance. In addition, our relationship with Microsoft gives us insight into how to translate the details of the Microsoft Trust Center and which products will meet your needs.
For more details, take a look at C3’s recent blog post on NIST 800-171 and DFARS 252.204-7012.