Companies that are working with the government (either directly or indirectly further down the federal supply chain) should be compliant with the latest NIST 800-171 mandate as of December 31, 2017.
If you are a defense or government supplier – or if you are a subcontractor selling to a government supplier – you have probably heard about the NIST 800-171 mandate. You may also be familiar with NIST 800-53 and wondered what's the difference between these two mandates.
Get Answers to Your Questions About NIST 800-171
Typical questions about NIST 800-171 compliance you may have include:
- What is NIST?
- Why have I only heard of NIST recently?
- Who needs to comply?
- Is it only manufacturers that need to comply?
- How does CMMC impact my NIST compliance?
- Will I be notified?
- How much will NIST 800-171 compliance cost?
- Can we do it ourselves?
- What evidence do I need to provide to show compliance?
- I thought the deadline was delayed?
- Maybe I'm already compliant?
- What if I don't comply?
- What if I've missed the deadline?
- What happens next after becoming compliant?
For answers to these and other questions that you may have about NIST compliance, check out Corserva's guide to NIST compliance & CMMC.
The Cybersecurity Maturity Model Certification (CMMC) is a unified cybersecurity standard created to increase the security posture of companies operating in government supply chains.
The Department of Defense is gradually transitioning from the NIST 800-171 mandate to the CMMC framework. By 2026, all new DoD contracts will require compliance with CMMC.
The CMMC framework requires all companies seeking compliance to work with an accredited and independent third-party organization called a “CMMC Third Party Assessment Organization” or C3PAO. Unlike NIST 800-171, there is no option for self-attestation with CMMC.
Corserva has been in business for over 30 years and offers a large portfolio of IT and consulting services. Our team has a very strong focus on NIST 800-171 assessments and CMMC readiness services.
Corserva is a CMMC-AB Registered Provider Organization™ (RPO) and we are listed on the CMMC-AB Marketplace.
Request a quote today to get started on your path to compliance.