What is NIST SP 800-171 and What Role Does it Play in Defense Contracting Compliance?

NIST 800-171 featured

The document library of the NIST website can be daunting and seemingly endless in terms of the various frameworks, controls and requirements that it provides. The 800 series, in particular, while important and, in many cases, necessary, is also hard to penetrate if you don’t already have some knowledge of what it contains. This can provide a challenge for organizations working with the DoD supply chain, especially those handling classified or sensitive material. 

In this article, we’ll cover one of these publications: NIST 800-171. This document defines security for a specific form of government information that many contractors under the executive or defense departments: CUI. While important on its own, this document also informs several important security frameworks, namely CMMC.

 

Read More

What is a C3PAO in CMMC Certification?

CMMC c3pao featured

CMMC certification is rolling out in RFPs in the defense and federal security compliance space. This framework promotes a uniform approach to security to protect important, unclassified data that passes through third-party vendors working with federal agencies. To ensure that companies are meeting their compliance requirements, CMMC leverages outside certified assessors to serve as third-party assessment organizations (C3PAO).

In this article, we will cover the basics of C3PAOs in CMMC certification. This discussion includes a breakdown of CMMC requirements and the importance of a C3PAO in providing objective evaluations of vendor security in the defense space. 

 

Read More