Today’s government contractors face many challenges to remaining competitive and innovative while managing advanced information technologies and maintaining regulation compliance. Among those challenges is the increased risk of cyberattacks by nation states and other hackers who focus on contractors instead of federal government agencies. Last year, Chinese hackers carried out a cyberattack and gained sensitive and secret data about supersonic anti-ship missiles — information that was not correctly stored and protected by a Navy contractor in accordance with Defense Federal Acquisition Regulation Supplement (DFARS) standards.
DFARS has mandated minimum security standards in the National Institute of Standards and Technology (NIST) Special Publication 800-171 “Protecting Controlled Unclassified Information in Non-Federal Information Systems and Organizations.” Companies that deal with controlled unclassified information (CUI) must comply with NIST 800-171, created specifically for non-federal information systems to secure government data.
If your company processes, stores or transmits federal contract information, you must provide evidence of security protections and compliance or risk the loss of contract awards and the ability to compete for future awards. If you are a government contractor or subcontractor, you must demonstrate “adequate security” as specified by NIST 800-171 and have cyber-incident policies and procedures in place that meet the DFARS requirements.
Valeo Networks has been NIST 800-171 compliant since December 2017. Achieving NIST 800-171 compliance requires a thorough assessment of networks and procedures to address appropriate security policies. Saalex continues to evaluate its networks, procedures and processes to ensure we maintain compliance, demonstrating our commitment to security for our customers and ourselves. If you have questions about the NIST requirements, the NIST website and manufacturing handbook can provide guidance here.
If you need help in securing your data for NIST compliance, contact Valeo Networks for a free compliance assessment.