NIST 800-171 compliance means, in practice, that the DFARS cybersecurity requirements must be met.
The NIST 800-171 requirements have always vexed small manufacturers because of their specific wording, so NIST (National Institute of Standards and Technology) has been trying to make them easier to understand with the following PDF (NIST Handbook 162): https://nvlpubs.nist.gov/nistpubs/hb/2017/NIST.HB.162.pdf
This is an important paragraph from the PDF:
So, needless to say, if you are a small manufacturer and sell to the US government, you will have to be compliant, or else... What is the "or else"? I surmise the "or else" is pretty bad, since there has been plenty of time for you to get on board with this new initiative. Admittedly it has been a chore to get through the NIST 800-171 documents up to now, as I discussed in June on this site.
Like this, for example:
There are many such points in the document.
Here is the full list of the 14 points you have to work on:
14 controls have to be set up:
- AC – Access Control
- AT – Awareness & Training
- AU – Audit & accountability
- CM – Configuration Management
- IA – Identification and Authentication
- IR – Incident Response
- MA – Maintenance
- MP – Media Protection
- PS – Personnel Security
- PP – Physical Security
- RA – Risk Assessments
- SA – Security Assessments
- SC – System & Communications protection
- SI – System & Information integrity
None of these points is brain surgery requiring ten-plus years of training and schooling. In fact, your IT department can perform most of them as part of their regular work; they just need support from above (i.e. resources).
The one point the company cannot do effectively by itself is audit and accountability, since nobody inside the organization has the fresh point of view of an outsider, or at least a view that is not shaped by the company culture. That is what we do here at Fixvirus.com.
So these 14 points should not dissuade you from becoming compliant. In fact, even if you do not have multi-factor authentication (Identification and Authentication) and it would take 6 months to implement, all you have to do is create a POAM, or Plan of Action and Milestones. Once you have written-up proof or POAMs, you are compliant. Easy.
That is how I can state that you can come into "compliance" with NIST 800-171 quickly.
Contact us to review and discuss.