DFARS NIST 800-171 Compliance Overview for DoD Contractors

DFARS NIST 800-171 compliance is now a strict mandate and fully enforceable for all Department of Defense (DoD) contractors as of December 31, 2017.

If you met the DFARS 800-171 deadline, then congratulations, but also know that annual compliance is essential for ensuring your policies, procedures, and processes are functioning as required by the actual NIST 800-171 publication guideline.

DFARS NIST 800-171 Compliance is Mandatory – Here’s What You Need to Know

If you haven’t become DFARS NIST 800-171 compliant, the clock is ticking and any number of challenges could be looming, such as the inability to obtain additional contract work from the DoD, failure to obtain work with existing upstream primes, and more. The new regulatory compliance wave is hitting federal contractors quite hard – especially DoD contractors – so getting compliant, and staying compliant, is now more important than ever. FLANK offers a great introduction to the world of DFARS NIST 800-171 compliance, so spend some time learning essential best practices from the federal compliance experts.

Missed the December 31, 2017 deadline for DFARS NIST 800-171 compliance? FLANK can help. Contact us today to learn more about our services and solutions for federal contractors.

DFARS NIST 800-171 Compliance is Mandatory

Businesses (i.e., federal contractors) that store, process, and/or transmit Controlled Unclassified Information (CUI) for federal agencies – especially the DoD – have a strict requirement for becoming DFARS NIST 800-171 compliant – that is quite clear by now. And while “self-assessing” is currently acceptable, it’s important to note that upstream entities (such as the actual DoD and primes) are now asking for sufficient evidence of DFARS NIST 800-171 compliance: specifically, a copy (or at least a summary) of one’s System Security Plan (SSP), and if remediation is needed, then also the Plan of Action and Milestones (POAM).

It means that the validation aspect of DFARS NIST 800-171 has taken on a new level of scrutiny where a simple “yes, we are compliant” statement is not going to suffice – you’ll need to be ready to show sufficient evidence to intended parties. Will there be a requirement for a formal assessment to be conducted, followed by an official Security Assessment Report (SAR), much like FISMA? Possibly, but as of this writing, that has not happened.

Expect to Perform DFARS NIST 800-171 Remediation

Show us an organization that has a picture-perfect control environment in place with all necessary policies, procedures, and processes, and we’ll gladly salute them in terms of compliance. The reality is that EVERY organization has some degree of gaps and deficiencies to correct – it’s just the nature of compliance – so expect to spend both time and money on remediation.

Information Security Documentation is Essential

One of the most time-consuming, challenging – and mundane – measures to put in place for ensuring full and complete compliance with DFARS NIST 800-171 is documentation. Specifically, it’s about developing much-needed information security policies and procedures. While security tools and solutions are essential for DFARS NIST 800-171 compliance, so is documentation, and it’s why FLANK offers DFARS NIST 800-171 policy templates and toolkits available for instant download today at flank.org.

Want to save hundreds of hours and thousands of dollars on essential InfoSec policy development? Then learn more about FLANK’s world-class information security policies, procedures, templates, toolkits, and much more.

Operational Practices are Mandatory

Have you performed an annual risk assessment? How about implementing security awareness training for your employees? These are just a few of the essential operational practices that federal contractors need to put in place for helping ensure DFARS NIST 800-171 compliance. FLANK provides essential documentation for performing risk assessments, conducting security awareness training – and more – and it’s all available for instant download today at flank.org.

Tools and Technologies are Needed

A large – and growing – number of requirements within the NIST SP 800-171 publication actually require a healthy adoption of various security tools and solutions. Some of the more notable tools that come to mind include the following:

  • Two-Factor Authentication (2FA)
  • File Integrity Monitoring (FIM)
  • Internal and External Vulnerability Scanning
  • Performance Monitoring
  • Intrusion Detection Systems (IDS)
  • Audit Logs and Audit Trails

That’s quite a bit indeed, which means companies need to start spending additional time and resources in finding, purchasing, implementing and maintaining such tools. This can be a challenge, no question about it. What’s needed is a firm for helping you choose the right tools at the right prices, and FLANK can assist. Choosing the wrong tool at the wrong prices can be very problematic, so it’s why you should be speaking with FLANK. We’ll connect you with some of the very best tools currently available on the marketplace today. Contact us to learn more.

Annual DFARS NIST SP 800-171 Compliance is a Requirement

DFARS NIST SP 800-171 compliance is not a one-and-done scenario. You actually need to put in place comprehensive measures for monitoring and reporting on your controls relating to NIST SP 800-171 compliance. FLANK offers a structured, fixed-fee process for helping federal contractors with annual compliance testing and reporting. And again, many of the requirements found within the family of controls as published within NIST SP 800-171 require a healthy application of information security, technical, and operational policies, procedures, and processes.

This can be a challenge, and it’s why FLANK offers a world-class DFARS NIST 800-171 Compliance All-in-One Toolkit, available for instant download today at flank.org. Want to learn more about DFARS NIST 800-171 compliance and how FLANK can assist? Then contact us now.

FLANK Services for DFARS NIST SP 800-171

As one of North America’s leading providers of defense-related compliance services, FLANK offers the following solutions for DFARS NIST SP 800-171 compliance:

Readiness & Gap Assessments: Getting organizations to understand the true merits of DFARS NIST SP 800-171 compliance requires performing a much-needed readiness & gap assessment. FLANK will help identify scoping boundaries and determine the gaps & deficiencies that exist, while also putting in place a structured, practical roadmap for compliance.

DFARS NIST 800-171 Compliance All-in-One Toolkit: You need documentation – and lots of it – when it comes to regulatory compliance. FLANK delivers like no other company, offering a world-class DFARS NIST 800-171 Compliance All-in-One Toolkit containing hundreds of pages of professionally developed security policy templates, and much more. Want to save thousands of dollars on documentation creation? Then download the DFARS NIST 800-171 Compliance All-in-One Toolkit today.

Documentation Creation: Speaking of documentation, which we discussed above, if you’re short on time and resources for developing all necessary information security policies and procedures for DFARS NIST SP 800-171 compliance, we can help.

How? Simple, we’ll use your expertly developed policies, procedures, forms, checklists, and more, for developing all required documentation in accordance with the DFARS provisions found within NIST SP 800-171. Don’t forget that developing policies and procedures is one of the most demanding and time-consuming aspects of federal regulatory compliance, and it’s why FLANK has labored long and hard in developing world-class policy toolkits and templates available for instant download today at flank.org.

Authoring System Security Plan (SSP): Becoming DFARS NIST SP 800-171 compliant also means authoring the SSP, another time-consuming and demanding process, especially when no standard SSP template exists. FLANK has developed the very first NIST SP 800-171 template, and it’s also available for instant download today. The SSP template can be purchased individually, or as part of the DFARS NIST 800-171 Compliance All-in-One Toolkit – the choice is yours.

Assistance with POAM & Related Remediation: Almost every federal contractor – and we mean almost EVERY – will have some type of remediation to perform regarding DFARS NIST 800-171 compliance. Perhaps you need information security policies and procedures authored? Perhaps you need assistance in finding and implementing any number of security tools and solutions (i.e., FIM, IDS, Two-Factor Authentication, etc.)? Whatever the remediation needs are, we can help. Contact us today to learn more.

Third-Party Assessments: While FISMA compliance requires an actual Security Assessment Report (SAR) as part of the overall FISMA compliance, certification, and accreditation process, DFARS NIST SP 800-171 does not (not yet, but see below!).

Are Security Assessment Reports (SAR) on the Horizon?

Currently, compliance with DFARS NIST SP 800-171 is essentially “self-auditing” in that there is not a formal requirement for an independent, third-party assessment by a security consultant. That could change as the DFARS requirements are very new. FISMA requires an official Security Assessment Report, so don’t be surprised if this eventually happens. We have heard that a small number of defense contractors have actually been asked by upstream primes to complete an independent audit of their NIST 800-171 controls.

Bottom line, more enforcement is coming from the federal government – especially the DoD – so be ready for the changes. FLANK can assist: we offer a full lifecycle of services and solutions for DFARS NIST SP 800-171 reporting, FISMA compliance, and numerous other federal, healthcare, and cybersecurity reporting. Contact us today to learn more.

FLANK. A Leading Provider of DFARS NIST 800-171 Services

From readiness & gap assessments to information security policies and procedures writing, authoring the System Security Plan (SSP), and more, FLANK has the expertise and manpower for helping federal contractors become DFARS NIST 800-171 compliant. We’ve been working with federal contractors all throughout North America in assisting with all facets of DFARS NIST 800-171 compliance, so contact us today to learn more.

Regulatory compliance doesn’t have to be an operational and financial burden to your business, not when you engage with the experts at FLANK. We offer the most comprehensive set of DFARS NIST 800-171 policy and procedures templates found anywhere today, along with consultants with years of federal regulatory compliance expertise.