NIST 800-171: Enhanced Cybersecurity Measures for Government Contractors

Enhanced Cybersecurity Measures for Government Contractors

Did you know the global average cost of a data breach is $3.86 million? The average cost to a business, no matter the size averages $200,000.   Even small businesses are targets, accounting for forty-three percent of all cyberattacks.  Which is why companies across industries are bolstering their cybersecurity budgets in an effort to protect themselves against cyber threats. So, it doesn’t come as a surprise that in recent years the DoD has put enhanced regulations in place for contractors who support government projects.

As an electronics manufacturer that not only works directly with the DoD, but partners with multiple customers who are prime subcontractors on major government initiatives, we are prioritizing the implementation of these new standards.

Not only do we want to be protected, but we want all of our customers to be protected from cybersecurity threats. We’re committed to achieving and maintaining the highest levels of cybersecurity as outlined in the NIST 800-171 System Security Plan for our federal agency clients and subcontractor partners.

 

What is NIST 800-171?

NIST stands for National Institute of Standards and Technology. This non-regulatory agency initiates solutions to harmonize documentary standards across industries. NIST 800-171 is a special solution used by non-federal entities for processing, storing, and transmitting controlled unclassified data (CUI) and a requirement for all manufacturers fulfilling government contracts.

The cybersecurity assessment consists of 110 weighted criteria across 14 key areas, with scores ranging from -240 to 110.

Scores are posted on the DoD’s Supplier Performance Risk System (SPRS) for all federal agencies to view. The higher your NIST 800-171 grade the more likely you are to be awarded new contract opportunities. Manufacturers looking to earn government projects (or partner with companies who do) need to prioritize improving their scores.

 

14 Control Areas of the NIST 800-171

Contractors who require access to CUI must ensure security compliance across these 14 control areas:

  • Access Control
  • Awareness & Training
  • Audit & Accountability
  • Configuration Management
  • Identification & Authentication
  • Incident Response
  • Maintenance
  • Media Protection
  • Personnel Security
  • Physical & Environmental Protection
  • Risk Assessment
  • Security Assessment
  • System & Communications Protection
  • System & Information Protection

 

Why is NIST 800-171 compliance important?

Electro Soft frequently encounters CUI when carrying out government contracts for federal agencies or offering third-party support to other government contractors. If your organization works with government agencies, it is imperative to partner with manufacturers who are NIST 800-171 compliant in order to meet all required guidelines and continue earning new contracts.

 

Electro Soft’s Certification Action Plan

When the DoD initially announced the NIST requirement, Electro Soft began putting an action plan in place. In November 2020, we took our first steps toward meeting all security requirements in partnership with Sabre Systems. With their expertise, we have continued to improve our cybersecurity practices, and we’re on track to achieve the highest NIST score by the end of 2021.

 

NIST Certification Progress

Verified Score NOV 2020 -240
Verified Score JUL 2021 -17
Projected Score SEPT 2021 61
Projected Score DEC 2021 110

 

Ensuring the Safety of Controlled Unclassified Data

Implementing measures of this magnitude generally takes 12-18 months to achieve – and we’re ahead of schedule! We are proud of the progress we have made to better serve our federal agency clients and subcontractor partners, but we are not finished yet. And we will not stop until the highest security score is earned.

Most important, once these measures are in place, ALL  our customers benefit – both government and commercial.

Are you ready to work with a fully compliant NIST 800-171 partner? Let’s discuss your next project today!

Back to blog