By now most people who do business with the Department of Defense (DoD) likely understand their obligations under the Defense Federal Acquisition Regulation Supplement (DFARS) clause 252.204-7012. If you process, store or transmit “covered defense information,” you probably need to comply with the National Institute of Standards and Technology (NIST) Special Publication 800-171, Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations.
If you do business with DoD – even indirectly as a subcontractor – and you weren’t aware of that compliance requirement, you have some reading to do, because the deadline for compliance was December 31, 2017.
But, take heart – a lot of organizations are behind.
In December 2016, the National Institute of Standards and Technology published its first revision of Special Publication 800-171, Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations. The Defense Federal Acquisition Regulation Supplement (DFARS) mandates NIST 800-171 compliance for many defense contractors. The Department of Education strongly encourages NIST 800-171 compliance for organizations subject to the Gramm-Leach-Bliley Act. And numerous other federal organizations selectively include 800-171 requirements in various contracts.
Lunarline has developed a flexible approach to 800-171 compliance that can scale up or down to meet the unique needs of organizations based on their size, scope and complexity, and the sensitivity of the data under their control. This approach lets you mix, match and deploy products and services at all cost and internal capability levels to create a custom approach to 800-171.
All 800-171 engagements include access to our 800-171 training provided online via the Lunarline School of Cybersecurity LaunchPad™. This 90-minute, module-based online training will get you and your team up to speed on DFARS/800-171 compliance. It includes specific technical examples to help you understand and solve common 800-171 compliance challenges.
Quick Start Workshop
For organizations that want a little more hands-on help, Lunarline created the Quick Start Compliance Workshop to help organizations tackle NIST 800-171 rev 1 implementation. A gap analysis on steroids, the Quick Start Compliance Program combines the training, 800-171 consulting, and technical action planning necessary to implement 800-171 security controls. At the conclusion of this engagement, we provide an action plan, templates and 800-171 checklists that you can use to cost-effectively achieve full compliance.
Technical Continuous Monitoring
For organizations with demanding technical requirements, Lunarline’s Managed Active Response Security (MARS) Team provides a cost-effective continuous monitoring solution. MARS operates 24x7x365 from CONUS locations using cleared personnel under an existing federal Authority to Operate. It provides the tools, continuous monitoring and incident response capabilities necessary to satisfy the most challenging compliance requirements. MARS maps to every 800-171 technical control to provide a managed solution to DFARS compliance.
Fully Outsourced NIST 800-171 Compliance Support
If you would prefer to simply outsource DFARS / NIST 800-171 compliance to Lunarline, we’re ready to take over. We’ll determine your gaps, develop documentation and implement technical controls. And the MARS Team can provide the 24x7x365 security monitoring you need to maintain compliance and protect sensitive data.
Still Haven’t Complied? You’re Not Alone
Lots of organizations are still struggling to comply with NIST 800-171. But with the DoD taking a closer look at compliance posture, it’s time to catch up. Contact us to get started today.