DoD Suppliers: Do You Have These 3 Critical Items on Your IT Roadmap?
Systems within the U.S. government are under attack as never before, making it vital to ensure that all components of connected systems are fully secure and ready to protect the country’s digital assets and supply chain. A new interim rule for the DoD’s assessment methodology for NIST SP 800-171 introduces some additional safeguards that all suppliers working on DoD contracts should take into consideration.
Here’s what you need to know to ensure compliance with the three crucial areas of this rule: a new assessment methodology, contractor compliance and the November 30, 2020 deadline.
Updated Assessment Methodology for NIST 800-171
With three levels of assessment, from basic to medium and high, contractors must first determine where their organization needs to rank within the tiers. This scoring component tops out at 110, which indicates full implementation of all NIST 800-171 controls. Unfortunately, there are few points given for partial implementations of the specific requirements, and a complex range of scoring options that could serve to increase confusion.
Contractors are able to submit their level of assessment based on the following criteria:
- A “low” level of confidence is represented by a basic review and self-assessment by the contractor, without outside engagement of the DoD.
- With a medium level of confidence, contractors must ensure not only that their NIST 800-171 assessment is reviewed by internal personnel, but also that the SSP (system security plan) is reviewed by DoD professionals.
- The highest level of assessment confidence involves bringing DoD staff members on-site or virtually to perform a more decisive review of settings and standards.
Contractors Must Take This Step to Remain DoD Compliant with NIST 800-171
It is extremely important for government contractors subject to these requirements to take the necessary steps to report their readiness level prior to the November 30, 2020 deadline. The DoD is stating that they will not renew contractors in December if these steps have not yet been completed. Contractors must log into the DoD’s SPRS (Supplier Performance Risk System) and post their NIST SP 800-171 assessment to their account. Subcontractors may also be required to complete additional documentation and scoring for the NIST 800-171 standards, due to the required flow-down standards.
Don’t Risk Your Ability to Renew DoD Contracts: Colorado Computer Support Can Help
Failure to take action could easily risk your ability to renew contracts beyond the November 30, 2020 cutoff date. Ensure that your company and your subcontractors are in full compliance with these revised standards when you call Colorado Computer Support at 719-310-3035. Our team is well-versed in NIST standards and requirements for DoD contracting and can work with you to ensure you are fully prepared to withstand the additional scrutiny on your operations and those of your suppliers.