By Sarah Tennant, MEDC/MDC Strategic Advisor – Cyber Initiatives

Nearly 4,000 Michigan businesses are currently serving the defense industry and Michigan meets 73% of its defense sector demand locally. But, that could change if your company is not meeting the new NIST compliance requirements.

DFARS (Defense Federal Acquisition Regulation Supplement) regulations require that all DoD Suppliers implement NIST Special Publication 800-171 controls by December 31st, 2017. This mandate is not only critical to supporting U.S. Government missions but also ensuring the security of your intellectual property. 70% of everything a soldier shoots, drives, flies, wears, eats or communicates with is contracted from Michigan. A security or cybersecurity breach in this supply chain, can directly affect our soldiers ability to protect our nation.

The U.S. Department of Defense (DoD) published in 2016 a new Defense Federal Acquisition Regulation Supplement (DFARS) provision and two clauses covering the safeguarding of contractor networks. The final DoD clauses are DFARS 252.204-7008, “Compliance with Safeguarding Covered Defense Information Controls,” and DFARS 252.204-7012, “Safeguarding Covered Defense Information and Cyber Incident Reporting.” To comply with the rule, contractors must meet the standards set forth in the National Institute of Standards and Technology Special Publication 800-171 (NIST SP 800-171) On Sept. 21, 2017, the Office of the Under Secretary of Defense provided guidance to DoD acquisition personnel concerning implementation of the NIST SP 800-171 standards

The National Institute of Standards and Technology (NIST) has released Special Publication 800-171. The document covers the protection of Controlled Unclassified Information (CUI) in Nonfederal Information Systems and Organizations.

The document was designed to provide guidance on ensuring that all systems that process, store, or transmit CUI information are secured and hardened. Compliance to the 800-171 standard is enforced by a set of technical policies. NIST SP 800-171 outlines those policies. A deadline to comply or to report delays in compliance has been set for December 31, 2017.

The Michigan Defense Center and MEDC wants your company to be prepared. Please check out the resources below to find out more about these compliance requirements and find assistance if necessary.

Local information Sessions on this topic:

Contact our partners at Michigan Manufacturing Technology Centers for more information and scheduled informational events. Your local PTAC may also have information to get to you a resource.