Those of you working under federal contracts (and especially under DoD contracts) most likely have heard of NIST Special Publication 800-171, Protecting Controlled Unclassified Information (CUI) in Nonfederal Information Systems and Organizations. Hearing about it is a start, but have you asked yourself (or your organization) what the possible impacts of this policy are when applied to your company? Enforceable language is already being included in DoD contracts that mandate compliance with 800-171, in addition to reporting cyber compromises. There’s still time to get ready and come up with implementation plans, but it is going to be Dec 2017 quickly and now’s the time to get started. This forum is meant to be a platform to discuss these new requirements in addition to possible ways of effectively dealing with them.
You must be logged in to reply to this topic.