Is your company a prime or sub for Department of Defense contracts?
Would you like that to continue?
If you answered yes to both of these questions, you need to know about Defense Federal Acquisition Regulation Supplement (DFARS) clause 225.204-7012 and its potential impact on your business.
As of December 2015, DFARS 225.204-7012 requires contractors to implement NIST Special Publication (SP) 800-171 standards “as soon as practical, but not later than December 31, 2017.” The title of NIST SP 800-171, Protecting Controlled Unclassified Information in Non-federal Information Systems and Organizations, should give you a sense of what is behind this directive. In practical terms, the Department of Defense (DoD) is telling its contractor community that if you want to be allowed to receive information determined by DoD to be of a sensitive nature, you must provide assurance to DoD that your own IT systems will provide an acceptable level of security for that information.
Failing to do so after 2017 will preclude you from contracting with DoD and may leave awarded bids up for contest. Please contact us if your organization would like assistance with this process.