Top Six Challenges with DFARS and NIST 800-171 Compliance

Cerberus Sentinel Blog

When organizations learn they must become DFARS and NIST 800-171 compliant, they run into six common challenges that can become unnecessary roadblocks on the way to compliance. Through our consulting practice, we coach organizations on concrete strategies for overcoming each of them.

For context, Defense Federal Acquisition Regulation Supplement (DFARS) clause 252.204-7012 requires DoD contractors who collect, develop, receive, transmit, use, or store Controlled Unclassified Information (CUI) on their own systems to implement the security requirements of NIST SP 800-171. The deadline for implementing those requirements was December 31, 2017. Contractors who bid on DoD contracts must agree to adequately safeguard CUI by complying with this clause, and the requirement flows down to subcontractors that handle CUI.

Below we discuss the top six challenges to DFARS and NIST compliance. 

Challenge 1: Vague Requirements

The NIST requirements are written broadly and can be satisfied in a variety of ways; the document states what outcome must be achieved, not which technology or configuration achieves it. Which specific controls should your organization implement to meet requirements that are open to interpretation?

Challenge 2: Not Enough Time

I need to be compliant ASAP! How do I prioritize?

Challenge 3: Tight Budget

How do I minimize the cost of becoming compliant? How can I best leverage our existing technology infrastructure and reduce the amount of manpower associated with becoming compliant? 

Challenge 4: How to Mesh NIST 800-171 With Your Information Security Program?

NIST 800-171 is scoped to protecting CUI in nonfederal systems and does not deliver a comprehensive security program. It does not address policies, procedures, third-party management, and other critical security controls that an organization needs to protect its business as a whole.

How do I ensure my security program not only addresses the CUI security risks but also addresses risks to my other sensitive business information?

Challenge 5: NIST 800-171 is a Shifting Target

NIST 800-171 is an evolving document. The first version was released in June 2015 and updated in January 2016. Revision 1 was released in December 2016 and introduced requirement 3.12.4, which requires organizations to develop, document, and periodically update a system security plan (SSP) describing system boundaries, environments of operation, how the requirements are implemented, and connections to other systems. This is a non-trivial requirement, and the SSP is a primary artifact an assessor will ask for. Organizations that have not updated their compliance program to address Revision 1 are at greater risk of non-compliance.

Challenge 6: How Do I Maintain Compliance?

I'm confident I can become compliant, but I'm not sure how or when I will be audited. How do I maintain compliance to ensure I can pass an audit?

TRUE has created a detailed white paper that walks you through how to address all six of these challenges. Download our white paper using the link below to learn more.