skip to Main Content

Welcome

Stronghold Cyber Security is a veteran-owned cyber security company located near historic Gettysburg, Pennsylvania that provides cutting-edge security services to businesses throughout the country. Service offerings include regulatory compliance, penetration testing, advanced cyber risk management, along with customized cyber security programs.

Get In Touch

Email: info@strongholdcybersecurity.com
Phone: 1-800-378-1187
Phone: 717-549-4009
Address: Gettysburg, PA

Our Location

Gettysburg
NIST Compliance FAQ: What If My Company Does Not Comply With NIST 800-171?

NIST Compliance FAQ: What if my company does not comply with NIST 800-171?

President Obama issued Executive Order (EO) 13556, Controlled Unclassified Information, on 04 November 2010.

It was this EO that laid the groundwork for NIST Special Publication 800-171, “Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations.”

As of December 2015 (23 months ago), DFARS 225.204-7012 required DoD contractors to implement NIST 800-171 “as soon as practical, but not later than December 31, 2017”.  This deadline is now 30 days away, and many contractors are not complaint.  What is worse, is that many have not taken steps to comply, putting their business at risk.

There is a lot of debate over what is and what is not Controlled Unclassified Information (CUI), and many small businesses think they do not have to comply because they are subcontractors, or they think they don’t hold any CUI.  However, the problem is that the big, multi-billion dollar DoD prime contractors (you know who they are) are not taking ANY chances with NIST 800-171 at all, because billions of dollars are at stake.

Here is the bottom line – if you have a Commercial and Government Entity Code (CAGE Code), https://www.fsd.gov/fsd-gov/answer.do?sysparm_number=kb0011119 and you fall anywhere within the DoD supply chain (whether its materials or labor), you need to comply with NIST 800-171.  If your business is not compliant by December 31, 2017, the prime contractors will just remove you from their list of suppliers.

Sadly, it is well known in the InfoSec community that 800-171 is going to convert countless formerly thriving small businesses into corpses, when they choose not to comply.

Back To Top