Strategically Assessing Contractor Implementation of NIST SP 800-171

Strategically Implementing Cybersecurity Contract Clauses, USD(A&S) Memorandum, dated February 5, 2019, directs development of a standard methodology to recognize industry cybersecurity readiness at a strategic level.

Assessing Contractor Implementation of Cybersecurity Requirements, USD(A&S) Memorandum, dated November 14, 2019, provides standard DoD-wide methodology for assessing DoD contractor implementation of the security requirements in NIST SP 800-171.

NIST SP 800-171 DoD Assessment Methodology rev 1.2.1, dated June 24, 2020, documents a standard methodology that enables a strategic assessment of a contractor’s implementation of NIST SP 800-171, a requirement for compliance with DFARS clause 252.204-7012.
   - Updates made to rev 1.2 dated June 10, 2020: Section 4) updated to address changes made due to COVID-19 and Annex B updated to address changes made in the Supplier Performance Risk System (SPRS).

Supplier Performance Risk System (SPRS) for NIST SP 800-171 DoD Assessment, dated July 1, 2020, announces the deployment of a cyber assessment capability module within the Supplier Performance Risk System (SPRS), in support of National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171 compliance. With this deployment, authorized representatives of the contractor may enter results for Basic (self) assessments. Defense Contract Management Agency’s (DCMA) Defense Industrial Base Cybersecurity Assessment Center (DIBCAC) may enter summary results for Medium and High assessments. This deployment allows for a virtual process, driven by COVID-19, for DCMA to evaluate a company’s cyber security status (“NIST 171” compliance), versus the traditional in-plant reviews.
