Manufacturing

Time is running out – December 31, 2017 is the deadline for NIST SP800-171 cybersecurity compliance for all supply chain manufacturers. Are you prepared?

All commercial government, supply chain, manufacturing, aerospace, and automotive suppliers must implement the cybersecurity controls, listed in the NIST SP 800-171 guidelines by December 31, 2017. Failure to comply will reduce an organization from qualifying for contract renewal. These requirements for compliance include a gap analysis of organizations’ cyber preparedness and on-going continuous improvement of cyber health.

Most small to medium-sized commercial companies face continuous challenges to simply maintain the everyday information technology and networking needs to support their core businesses. Therefore, for small and medium companies which are part of the U.S. government manufacturing supply chain, these new information security compliance requirements represent a unique challenge directly related to their bottom lines. Commercial supply chain organizations must follow the same guidelines as federal contractors.

The Department of Defense has issued a Defense Federal Acquisition Regulation Supplement (DFARS) 252.204.7012 regarding the Safeguarding Covered Defense Information and Cyber Incident Reporting. This requires that contractors implement the security controls defined in NIST SP 800-171. With over 100 controls that must be addressed, the challenge is understanding what it means to be compliant and how to implement and maintain appropriate security safeguards. All suppliers must assess the cyber security posture of their network/system across the 14 security control domains defined in NIST SP 800-171 and be prepared to notify the DoD and the affected supply chain should an incident occur within 72 hours of any cyber security incident.