Companies that are working with the government (either directly or indirectly further down the federal supply chain) should be compliant with the latest NIST 800-171 mandate as of December 31, 2017.
If you are a defense or government supplier – or if you are a subcontractor selling to a government supplier – you have probably heard about the NIST 800-171 mandate. You may also be familiar with NIST 800-53 and wondered what's the difference between these two mandates.
Get Answers to Your Questions About NIST 800-171
Typical questions about NIST 800-171 compliance you may have include:
- What is NIST?
- Why have I only heard of NIST recently?
- Who needs to comply?
- Is it only manufacturers that need to comply?
- How does CMMC impact my NIST compliance?
- Will I be notified?
- How much will NIST 800-171 compliance cost?
- Can we do it ourselves?
- What evidence do I need to provide to show compliance?
- I thought the deadline was delayed?
- Maybe I'm already compliant?
- What if I don't comply?
- What if I've missed the deadline?
- What happens next after becoming compliant?
For answers to these and other questions that you may have about NIST compliance, check out Corserva's guide to NIST compliance & CMMC.
CMMC (and CMMC 2.0)
The Cybersecurity Maturity Model Certification (CMMC) is a unified cybersecurity standard created to increase the security posture of companies operating in government supply chains.
The Department of Defense is gradually transitioning from the NIST 800-171 mandate to the CMMC framework. By October 1, 2025, all new DoD contracts will require compliance with CMMC.
Corserva has been in business for over 30 years and offers a large portfolio of IT and consulting services. Our team has a very strong focus on NIST 800-171 assessments and CMMC readiness services.
Corserva is a CMMC-AB Registered Provider Organization™ (RPO) and we are listed on the CMMC-AB Marketplace.
Request a quote today to get started on your path to compliance.