On Wednesday, June 27, 2018, NIST (National Institute of Standards and Technology) released the final version of its Special Publication 800-171A, providing guidance for Department of Defense contractors complying with the cybersecurity rules in the DFARS (Defense Federal Acquisition Regulation Supplement). The publication details how compliance is assessed.
Key takeaways from the guidance
- Contractors must implement NIST SP 800-171A
- Contractors need to demonstrate that they have implemented or are going to implement the DFARS requirements
- If not yet implemented, contractors must develop a plan of action to demonstrate that they will do this
However, many small and medium-sized organizations still struggle with interpreting how they are being evaluated on compliance.
Achieving compliance through implementing an ISMS
One way for contractors to start their compliance journey is by implementing an ISMS (information security management system).
ISO 27001 is the international standard that describes best practice for an ISMS. Implementing an ISO 27001-compliant ISMS not only helps protect an organization from potential data breaches but also sends a message to clients, peers, and industries that it is taking effective measures to protect its data.
Implementing an ISO 27001 ISMS can be challenging. IT Governance’s Nine Steps to Success – An ISO 27001 Implementation Overview can help you get started on your implementation journey.
Resources to help you
Learn more about NIST and ISO 27001
The NIST CSF (Cybersecurity Framework) is a voluntary framework for organizations to manage and mitigate cybersecurity risk based on existing standards, guidelines, and practices. The CSF can work in conjunction with ISO 27001, helping you comply with the NIST SP 800-171A requirements mandated by the DFARS cybersecurity rules.
Download our free green paper to learn more about the NIST CSF and ISO 27001, and how to get started with compliance.
Learn how to implement an ISMS and achieve ISO 27001 certification
IT Governance’s ISO 27001 Foundation and Lead Implementer courses will guide you through the ISO 27001 ISMS implementation process. You will gain an understanding of the activities needed to plan, implement, and maintain an ISO 27001-compliant ISMS.