Navigating NIST SP 800-171

Mar 7, 2023 | Blog, Cyber Security, IT News

If you’re a federal government contractor, you might already know you need to conform to the updated cybersecurity standards outlined in the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171, “Protecting Controlled Unclassified Information in Non-Federal Information Systems and Organizations.”

If that bit of government-speak has you perplexed, don’t worry. We’re here to guide you through the bureaucratic maze. We’ll explain what this means for your business and how to make sure you meet the requirements.

Federal Cybersecurity Requirements

Federal government agencies — including Defense, NASA and the General Services Administration, among others — have to meet cybersecurity requirements for how they handle certain information. That means any contractors or subcontractors who do business with those agencies also have to meet these new requirements.

Most contractors regularly process, store and transmit sensitive federal information in their IT systems as part of their role in delivering essential products and services to federal agencies. The government is now stepping up protections for that sensitive federal information.

Non-Federal Organization (NFO) controls mandated by NIST SP 800-171 affect the following categories:

  • Planning
  • Acquisition
  • Configuration Management
  • Identification and Authentication
  • Incident Response
  • Acquisition (SA-8)
  • Maintenance
  • Physical Security
  • Risk Assessment
  • Security Assessment (CA-2)
  • Awareness and Training
  • Contingency Planning
  • Security Assessment
  • Physical and Environmental Protection
  • System and Communication Protection
  • System and Information Integrity

 

Jeremy Grant, a former NIST official, once explained it this way: “What the government is doing here really is saying, ‘If you want to do business with us, this is the threshold that you’re going to have to meet in terms of how you handle cybersecurity.’”

Adhering to the NIST Framework

Since you clearly want to be able to do business with the government, you need to adhere to this framework. What we’re mainly talking about is safeguarding controlled unclassified information (CUI). This type of information is regularly transmitted through, or resides on, the internal networks or information systems of most federal contractors. The government wants to strengthen security to keep that information secure.

While the deadline for all of this has already passed, it’s not too late to bring your operations into compliance with these guidelines. We have IT support staff available to take your calls and answer your questions to help get you into compliance.

Act Now and Don’t Lose Out

Want to get started now? Begin by assessing which areas already meet the new security stipulations and which areas need more work to get your operations up to speed. Afterward, you will need to implement the necessary changes to get your entire organization into compliance. Otherwise, you may risk losing your current federal contracts, or you may lose out on future opportunities.

This is where we can help. V2 Systems provides advisory, assessment and implementation services to meet your NIST SP 800-171 needs. We can help you understand what it entails, what you need to do to comply and how to get there. And there is always the option for us to just take care of it for you.

Our team brings decades of IT experience and knowledge to the table. We understand the importance of network security and data protection, and we’ll help you protect the federal information you need for your business’ critical operations.

But you need to act quickly. Contact us with your questions, so we can help you achieve a seamless transition and get your organization into compliance.

 

Since 1995, Manassas Park, VA-based V2 Systems has employed local systems administrators, network engineers, security consultants, help desk technicians and partnering companies to meet a wide range of clients’ IT needs, from research, to implementation, to maintenance. Concentrate on your VISION…We’ll handle the TECHNOLOGY!
