Speaker: Tom Tollerton, CISSP, CISA, QSA, Dixon Hughes Goodman LLC
The federal government has demonstrated increased focus on the ability of its partners in the private sector to protect sensitive, but unclassified information. In 2016, the Department of Defense finalized DFARS 252.204-7012, requiring contractors to achieve compliance with 14 specific control objectives defined in NIST Special Publication 800-171 (Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations) no later than December 31, 2017. As that date rapidly approaches, contractors should be assessing their current cybersecurity posture and remediating any gaps preventing full compliance with the NIST publication. Failure to demonstrate compliance or a detailed roadmap to compliance by the December 31deadline could impact an contractor’s ability to be awarded or retain contracts.