NIST 800-171 versus CMMC

By000 Lisa DeVoto
Since the end of 2017, all subcontractors working within Department of Defense (DoD) supply chains were required to comply with the NIST 800-171 mandate. Since then, the Cybersecurity Maturity Model Certification (CMMC) has been published. Suppliers need to understand the differences between NIST 800-171 and CMMC and how they impact DoD contracts under which they are working.