Assessing, Planning, and Taking Actionfor Cyber Security Compliance

Developing and implementing an adequate Cyber Security system is a requirement for government defense contractors including subcontractors for the purpose of safeguarding covered defense information. DFARS 252.204-7012 “Safeguarding Covered Defense Information and Cyber Incident Reporting” mandates contractors comply with NIST 800-171 “Protecting Controlled Unclassified Information in Non-Federal Information Systems and Organizations” by December 31, 2017. The NIST standards serve as a guide to government for contractors to develop a cybersecurity plan, conduct an assessment, produce an assessment plan, and a plan of action. When submitting an offer, a contractor is representing its compliance.