NIST 800-171 | Withum

Does Your Organization Meet All NIST Requirements?

Is your organization prepared to demonstrate NIST 800-171 compliance?

As of 2017, any entity that processes or stores US government Controlled Unclassified Information (CUI) — government contractors, research institutions, consulting companies, manufacturing contractors — must comply with the stringent requirements of NIST 800–171 or be prepared to face a myriad of risks, including the loss of contract renewals, newly won bids, or the ability to secure future contracts.

NIST 800-171 Compliance and the Upcoming CMMC

The US National Institute of Standards and Technology (NIST) promotes and maintains measurement standards and guidelines to help protect the data and information systems of federal agencies. If your organization specializes in these spaces, the NIST compliance framework should not be a stranger to you.

Initially, the NIST 800-171 was meant to be a “common sense” set of guidelines for any organization seeking to improve their cybersecurity. Since compliance with NIST 800-171 became a requirement in 2017, contractors have been inaccurately self-attesting to NIST 171 compliance, which has resulted in serious cybersecurity deficiencies, security breaches, and delayed projects. In response to this, the DoD announced the impending compliance due date of the Cybersecurity Maturity Model Certification (CMMC) for September 2020. Once officially released, a CMMC certification will be required in place of self-attested NIST compliance.

Starter Guide for NIST Compliance

Improve cybersecurity of your data handling policies and procedures with our starter guide for NIST compliance.

Download here to learn more.

The good news is you can get ready for the CMMC today, by partnering with Withum to perform a NIST compliance audit and cybersecurity assessment. Reach out to us for a complimentary consultation.

Consequences of NIST 800-171 Non-Compliance

If an organization is found to be out of compliance with NIST 800-171 (and the soon to be CMMC), they risk losing any current contracts or newly won bids, as well as being prevented from closing any additional contracts in the future. Plus, the reputational damage of being non-compliant can have far-reaching consequences. Below is a brief timeline on the expected CMMC rollout:

January 2020 – CMMC Compliance Checklist released
June 2020 – CMMC requirements will appear in RFIs
September 2020 – CMMC requirement will appear in RFPs

How to Become NIST 800-171 Compliant

Since self-attested NIST 800-171 compliance will no longer be accepted, this means organizations should prepare for the CMMC now by becoming NIST 800-171 compliant as soon as possible. Any type of cybersecurity audit takes time, and a NIST compliance audit is no different. Now that the CMMC deadline is approaching in September 2020, the last thing companies want is to be scrambling about trying to tie up loose ends and/or fixing surprise noncompliance issues. The best way to get ready for the CMMC is to follow these steps:

Understand the NIST 800-171 compliance requirements
Analyze current cybersecurity measures and processes
Identify any security breaches or compliance gaps
Put measures in place to meet NIST 800-171 compliance

Why Partner With Withum for NIST Consulting

With over 20 years of experience in the areas of cybersecurity, digital forensics, and data privacy, Withum’s security consultants and auditors have seen it all. We’re well-equipped to help organizations of all sizes prepare for the CMMC by meeting NIST 800-171 compliance. Even though the CMMC is months away, DoD, GSA, and NASA contracts (among others) require NIST 800-171 compliance now.

Don’t be left unprepared — start planning for NIST 800-171 (and CMMC) today – reach out to us for a complimentary consultation.