When organizations learn they must become DFARS and NIST 800-171 compliant, we see six common challenges that can become unnecessary roadblocks on the way to compliance. Through our consulting practice, we coach organizations on concrete strategies for overcoming these challenges.
For context, Defense Federal Acquisition Regulation Supplement (DFARS) 252.204-7012 requires DoD contractors who collect, develop, receive, transmit, use, or store Controlled Unclassified Information (CUI) to be compliant with NIST SP 800-171. This requirement took effect on December 1, 2017. Contractors who bid on DoD contracts must agree to adequately protect CUI by complying with the DFARS
Top 6 Challenges with DFARS and NIST 800-171 Compliance:
Challenge #1: Vague Requirements
The NIST documentation includes vague requirements that can be approached in a variety of ways. Which specific controls should your organization implement to meet requirements that are this open to interpretation?
Challenge #2: Not Enough Time
I need to be compliant ASAP! How do I prioritize?
Challenge #3: Tight Budget
How do I minimize the cost of becoming compliant? How can I best leverage our existing technology infrastructure and reduce the manpower required to become compliant?
Challenge #4: How to Mesh NIST 800-171 With Your Information Security Program?
NIST 800-171 does not deliver a comprehensive security program on its own. It does not address policies, procedures, third-party management, and other critical security controls.
How do I ensure my security program not only addresses the CUI security risks, but also addresses risks to my other sensitive business information?
Challenge #5: NIST 800-171 is a Shifting Target
NIST 800-171 is an evolving document. The first version was released in June 2015 and updated in January 2016. Revision 1 was released in December 2016 and introduced requirement 3.12.4, which is non-trivial to satisfy. Organizations that have not updated their compliance program to address Revision 1 are at greater risk of non-compliance.
Challenge #6: How Do I Maintain Compliance?
I'm confident I can become compliant, but I'm not sure how or when I will be audited. How do I maintain compliance so that I can pass an audit whenever it comes?
DOWNLOAD OUR WHITE PAPER:
TRUE has created a detailed white paper that walks you through how to address all six of these challenges. Download our white paper using the link below to learn more.