Top 6 Challenges with DFARS and NIST 800-171 Compliance

When organizations learn they must become DFARS & NIST 800-171 compliant, we encounter six common challenges that can unnecessarily become a roadblock on the way to compliance. Through our consulting practice, we coach organizations on the concrete strategies for overcoming these challenges.

For context, Defense Federal Acquisition Regulation Supplement (DFARS) 252.204-7012 requires DoD contractors who collect, develop, receive, transmit, use, or store Controlled Unclassified Information (CUI) to be compliant with NIST SP 800-171. This requirement took effect on December 1, 2017. Contractors who bid on DoD contracts must agree to adequately protect CUI by complying with the DFARS


Top 6 Challenges with DFARS and NIST 800-171 Compliance:

1. Challenge #1 Vague Requirements

The NIST documentation includes vague requirements which can be approached in a variety of ways. What specific controls should be implemented at your organization to meet these vague requirements that are up for interpretation?

2. Challenge #2 Not Enough Time

I need to be compliant ASAP! How do I prioritize?

3. Challenge #3 Tight Budget

How do I minimize the cost of becoming compliant? How can I best leverage our existing technology infrastructure and reduce the amount of manpower associated with becoming compliant? 

4. Challenge #4 How to Mesh NIST 800-171 With Your Information Security Program?

NIST 800-171 does not deliver a comprehensive security program. NIST 800-171 does not address policies, procedures, third-party management and other critical security controls.

How do I ensure my security program not only addresses the CUI security risks, but also addresses risks to my other sensitive business information?

5. Challenge #5 NIST 800-171 is a Shifting Target

NIST 800-171 is an evolving document. The first version was released in June 2015 and updated in January 2016. Revision 1 was released in December 2016 and introduced requirement 3.12.4, which is a non-trivial requirement. Organizations that have not updated their compliance program to address Revision 1 are at a greater risk of non-compliance.

6. Challenge #6 How Do I Maintain Compliance?

I'm confident I can become compliant, but I'm not sure how or when I will be audited. How do I maintain compliance to ensure I can pass an audit?



TRUE has created a detailed white paper that walks you through how to address all six of these challenges. Download our white paper using the link below to learn more.