SP 800-171 Rev. 2: Understanding the New Cybersecurity Standard for Defense Contractors

Industry:Compliance, Controlled Unclassified Information, CUI, Cybersecurity, Data protection, Federal Contractors, final, NIST, publication, Rev 2, SP 800-171

SP 800-171 Rev. 2 is a set of cybersecurity requirements developed by the National Institute of Standards and Technology (NIST) to protect CUI stored on non-federal information systems. Released in 2020 (updates to January 28, 2021), it aligns with NIST’s Cybersecurity Framework (CSF) and aims to safeguard sensitive information, such as technical data, export-controlled information, or sensitive government information.

Key Changes in SP 800-171 Rev. 2

The updated standard expands the previous requirements in several ways. First, it aligns better with the NIST CSF, providing a comprehensive and risk-based approach to cybersecurity. Second, it has more security needs, including requirements for secure password management, vulnerability management, and incident response. Third, it clarifies several requirements, such as network security, encryption, and access control.

Implications for Defense Contractors

Defense contractors must comply with SP 800-171 Rev. 2 if they store, process, or transmit CUI on their systems. The new standard expands the previous requirements, making it more challenging for organizations to meet the standard’s requirements. Failure to comply can result in significant consequences, such as financial penalties and loss of business.

Meeting the Requirements of SP 800-171 Rev. 2

To meet the requirements of SP 800-171 Rev. 2, organizations must take several steps:

Assess Their Current Security Posture

Organizations should assess their current security posture and identify areas where they may need to make improvements, such as updating technical controls, improving incident response processes, and implementing additional security measures.

Develop a Plan to Implement the Standard

Organizations need to make a plan that fits their security needs and resources to follow the updated standard. This plan should include a timeline, budget, and clear goals.

Implement the Standard

Organizations should implement the security measures outlined in the standard, including technical controls, incident response processes, and security policies.

Monitor and Review

Organizations need to check their security often to ensure they are following the rules. This means they should assess their security, test how they respond to problems, and update their security when needed.

In conclusion, SP 800-171 Rev. 2 is crucial for defense contractors who deal with sensitive information. The updated standard includes many parts of information security, such as controlling access to information and handling problems that might come up. Following these rules is essential to keep important information safe and protect national security. Contractors who haven’t started following the new rules should start as soon as possible.

Share in Social Media

case studies

See More Case Studies

Case Studies, Cyber Security, IT Consulting

Securing Defense Contracts: A DFARS 252.204-7012 Compliance Case Study

Discover how Cleared Systems helped a Federal Contractor successfully achieve DFARS 252.204-7012 compliance by strengthening its cybersecurity posture, giving it a competitive edge when bidding for DoD Contracts.

Learn more

Microsoft GCC High

What is GCC High?

Microsoft 365 Government Community Cloud (GCC) High is a specialized cloud solution tailored for U.S. federal, state, local, tribal, and territorial government organizations, as well as for contractors who hold or process data subject to specific security regulations. In this article, we will explore the features, benefits, and differences between Microsoft 365 GCC High and other Office 365 offerings.

Learn more

DoD 8570 compliance

Cleared Systems is Now a CompTIA Authorized Partner!

Is Your Workforce DoD 8570 Ready? The DoD Cyber Workforce Framework (DCWF) mandates that all personnel with access to DoD information systems possess a baseline

Learn more

Cybersecurity

Cybersecurity Risk Management: Benefits, Frameworks, Processes & Best Practices

In today’s hyper-connected world, organizations of all sizes operate within a complex digital landscape teeming with opportunities and, unfortunately, vulnerabilities. This interconnectedness reveals one uncomfortable

Learn more

FedRAMP Certification, FedRAMP compliance

Consulting

Navigating the Clouds with Confidence: An Introduction to FedRAMP Compliance

Gone are the days of bulky servers and dusty storage rooms. Cloud technology has revolutionized data management, offering agility, ease of use, scalability, convenience, and

Learn more

Partner with Us for Compliance & Protection

We’re happy to answer any questions you may have and help you determine which of our services best fit your needs.

Your benefits:

What happens next?

Schedule an initial meeting

Arrange a discovery and assessment call

Tailor a proposal and solution

How can we help you?

We got on board with Cleared Systems back in February 2022, and I've got to say, it's been an amazing journey. They're not just another team; they're problem-solvers, especially when it comes to the tough challenges. Moving to GCC High could have been a headache, but they made it feel seamless, handling the migration with such efficiency. They didn't just move us over; they also enhanced our system with some smart integrations along the way. Their fast response and ability to get things done have been a massive boost for us.

Aubert Cohron

Appreciate the quick and helpful response. Always responsive to our cybersecurity needs.

Bradley Riley

Awesome company and great people. I highly recommend them.

Leighton Cook

Great location and awesome place to work!

Сеигпи Пеихуров

SP 800-171 Rev. 2: Understanding the New Cybersecurity Standard for Defense Contractors

Key Changes in SP 800-171 Rev. 2

Implications for Defense Contractors