"More than IT"          951-732-7401     

What is the DFARS?

– Defense Federal Acquisition Regulation Supplement. A supplement to the FAR that provides DoD-specific acquisition regulations that DoD government acquisition officials – and those contractors doing business with DoD must follow in the procurement process for goods and services.


NIST 800-171

The NIST 800-171 standard, Protection Controlled Unclassified Information in Nonfederal Information Systems and Organizations¸ defines controls to safeguard information such as controlled technical information, or other information that would be described as controlled unclassified information (CUI) or covered defense information (CDI).

The Department of Defense (DoD) Federal Acquisition Regulations Supplement (DFARS) requires that contractors must be compliant with NIST 800-171 by no later than December 31, 2017.

NIST 800-171 was developed specifically to protect sensitive data on contractor and other nonfederal information systems.  The set of controls outlined in 800-171 is designed to protect CUI and eliminate the built-in overhead that was geared mostly toward federal agencies.  NIST 800-171 requirements have a total of 109 requirements that are simplified to a basic level of understanding.  The 109 controls are spread across 14 control families:


Additionally, NIST 800-171 has been derived from NIST 800-53 and FIPS 200.  Many procedural elements have been removed altogether to focus on the most applicable moderate baseline controls.

It is important to note that contractors, under DFARS 252.204-7012, can deviate from the 800-171 control requirements.  The only stipulation is that the DoD CIO’s authorized representative must approve the deviation.  This allows contractors to build on or enhance any security programs that are currently in place, without having to reinvent the wheel and not acquire new systems just to process, store or transmit CUI.

How can we help?

Whatever your security requirements are, Network Solutions and Consulting Services (NSCS.biz) can help.  We are expert in meeting DFARS 252.204-7012 compliance requirements, NSCS.Biz is the place to come when you are thinking security.  We will start with a NIST 800-171 assessment to measure your effectiveness and see where to begin and then build out your security program to meet compliance.

NIST 800-171 Assessment Process

Following the testing guidance from the National Institute of Standards and Technology (NIST), NSCS.Biz will conduct an assessment to determine your company’s compliance with NIST 800-171. From this we prepare:

  • System Security Plan (SSP)

A document that describes how you've implemented the 110 requirements, plus a series of statements regarding your environment.

  • Plans of Action

A document that describes how you intend to meet the requirements you currently cannot meet.


Benefits of NIST 800-171

Implementing NIST 800-171 is a requirement that should have been met prior to the December 31, 2017, deadline. Contractors and relevant organizations that fail to fully implement of NIST 800-171 will be precluded from contracting with the DoD. This applies to all prime contractors and their subcontractors.

Organizations that are NIST 800-171 compliant, can maintain existing government contracts, win new Federal contracts, and improve their overall information security.


Why Choose NSCS.Biz?

We understand that your company’s time is extremely valuable. Our team of security professionals will conduct a NIST 800-171, NIST 800-53, FISMA, and FedRAMP assessments.


Our streamlined security assessment process allows for your assessment to be conducted in a timely manner so that you can continue meeting your contractual requirements.


Our experienced team will be available throughout the assessment in order to provide independent, unbiased recommendations from an experienced third-party assessor.


CALL 1-951-732-7401 OR Email This email address is being protected from spambots. You need JavaScript enabled to view it.