Proudly serving Virginia, Maryland and DC // Call us today! 703.396.6120
V2 SystemsV2 Systems
What You Need to Know: Navigating NIST SP 800-171 Compliance to Meet Dec. 31 Deadline

by Erik Briceno

If you’re a federal government contractor, you might already know you need to conform to the updated cybersecurity standards outlined in the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171, “Protecting Controlled Unclassified Information in Non-Federal Information Systems and Organizations.”

If that bit of government-speak has you perplexed, don’t worry. We’re here to guide you through the bureaucratic maze, so you can meet these requirements by the rapidly approaching year-end deadline of Dec. 31. We’ll explain what this means for your business and how to make sure you meet the requirements.

New Federal Cybersecurity Requirements

Here’s the situation: Federal government agencies — including Defense, NASA and the General Services Administration, among others — have to meet new cyber-security measures for how they handle data. That means any contractors or subcontractors who do business with those agencies also have to meet these new requirements.

Most contractors regularly process, store and transmit sensitive federal information in their IT systems as part of their role in delivering essential products and services to federal agencies. The government is now stepping up protections for that sensitive federal information.

Non-Federal Organization (NFO) controls mandated by NIST SP 800-171 affect the following categories:

  1. Planning
  2. Acquisition
  3. Configuration Management
  4. Identification and Authentication
  5. Incident Response
  6. Acquisition (SA-8)
  7. Maintenance
  8. Physical Security
  9. Risk Assessment
  10. Security Assessment (CA-2)
  11. Awareness and Training
  12. Contingency Planning
  13. Security Assessment
  14. Physical and Environmental Protection
  15. System and Communication Protection
  16. System and Information Integrity

Jeremy Grant, a former NIST official, explained it this way: “What the government is doing here really is saying, ‘If you want to do business with us, this is the threshold that you’re going to have to meet in terms of how you handle cybersecurity.’”

Not Too Late to Meet the Deadline

Since you clearly want to be able to do business with the government, you need to meet this deadline, which is only a few weeks away. What we’re talking about is safeguarding controlled unclassified information (CUI). This type of information is regularly transmitting through or residing on the internal networks or information systems of most federal contractors. The government wants to strengthen security to keep that information secure.

While there are only weeks until the deadline, it’s still not too late to bring your operations into compliance with these new guidelines. We have IT support staff  available to take your calls and answer your questions to help get you into compliance.

Don’t Wait Until You Lose a Contract

Want to get started now? Begin by assessing which areas are already meeting the new security stipulations and which areas need more work to get your operations up to speed. After, you will need to implement the necessary changes to get your entire organization into compliance. Otherwise, you may risk losing your federal contracts.

Protect the Information Your Business Needs to Succeed

What You Need to Know: Navigating NIST SP 800-171 Compliance to Meet Dec. 31 DeadlineThis is where we can help. V2 Systems provides advisory, assessment and implementation services to meet your NIST SP 800-171 needs. We can help you understand what it is, what you need to comply and how to get there. And there is always the option for us to just take care of it for you.

Our team brings decades of IT experience and knowledge to the table. We understand the importance of network security and data protection, and we’ll help you protect the federal information you need for your business’ critical operations.

But you need to act quickly. Contact us with your questions, so we can help you achieve a seamless transition into compliance.

Since 1995, Manassas Park, VA-based V2 Systems has employed local systems administrators, network engineers, security consultants, help desk technicians and partnering companies to meet a wide range of clients’ IT needs, from research, to implementation, to maintenance. Let us take care of your IT while you take care of business.

ebriceno
About ebriceno
Erik Briceño is the owner of V2 Systems, Inc., one of Northern Virginia’s leading Information Technology Managed Service Providers. He is an inspiring leader for its employees and instrumental business partner for its customers. He is passionate about V2’s purpose, dedicated to exceeding expectations and a consummate professional not afraid of jumping in and getting his hands dirty. Prior to joining V2 Systems in 2002, Erik was a co-founder and COO of Ampcast.com, a leading provider of online resources servicing over 5,000 independent musical artists. At Ampcast.com, Erik spearheaded all aspects of corporate development, funding, strategic vision, and business development for the firm. From 1997 to 1999 Erik held the position of Acoustic Systems Engineer for Electric Boat Corporation, a leading defense contractor. In this role, Erik was responsible for the acoustic fidelity of two noise critical systems and components in the US Navy’s nuclear submarine systems. Erik holds a B.S. in Mechanical Engineering from Vanderbilt University and a Masters of Business Administration from George Mason University. When not working, you will find Erik a dedicated family man, raising two young children with his lovely wife Karen. Together, they enjoy building legos, playing baseball, skiing, riding horses, swimming, traveling, and fixing up old Mopars.
What You Need to Know: Navigating NIST SP 800-171 Compliance to Meet Dec. 31 Deadline
What You Need to Know: Navigating NIST SP 800-171 Compliance to Meet Dec. 31 Deadline