From: National Defense Magazine
***
The Pentagon’s current approach for establishing and maintaining contractor compliance with cybersecurity standards is through the contract clause at Defense Federal Acquisition Regulation Supplement 252.204-7012, which as of Dec. 31, 2017, required covered contractors to implement the National Institute of Standards and Technology Special Publication (SP) 800-171, “Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations.” Importantly, contractors “self-attest” to meeting those requirements, which is often a difficult assessment.
As the Defense Department warns in its guidance accompanying these requirements, however, “[u]ltimately, it is the contractor’s responsibility to determine whether it is has implemented the NIST SP 800-171 (as well as any other security measures necessary to provide adequate security for covered defense information).”
![Share on Facebook Facebook](https://www.thecre.com/fisma/wp-content/plugins/social-media-feather/synved-social/image/social/regular/96x96/facebook.png)
![Share on Twitter twitter](https://www.thecre.com/fisma/wp-content/plugins/social-media-feather/synved-social/image/social/regular/96x96/twitter.png)
![Share on Google+ google_plus](https://www.thecre.com/fisma/wp-content/plugins/social-media-feather/synved-social/image/social/regular/96x96/google_plus.png)
![Share on Reddit reddit](https://www.thecre.com/fisma/wp-content/plugins/social-media-feather/synved-social/image/social/regular/96x96/reddit.png)
![Pin it with Pinterest pinterest](https://www.thecre.com/fisma/wp-content/plugins/social-media-feather/synved-social/image/social/regular/96x96/pinterest.png)
![Share on Linkedin linkedin](https://www.thecre.com/fisma/wp-content/plugins/social-media-feather/synved-social/image/social/regular/96x96/linkedin.png)
![Share by email mail](https://www.thecre.com/fisma/wp-content/plugins/social-media-feather/synved-social/image/social/regular/96x96/mail.png)
Leave a Reply