The resources section provides links to important documents and content that will assist
in understanding security controls and conducting the assessment process.
This link points to the actual Defense Federal Acquisition Regulation Supplement (DFARS)
clause 252.204-7012. It is for readers who want a concrete understanding of what the
clause actually says.
In DFARS 252.204-7012, NIST 800-171 is highlighted as the set of security requirements
necessary to achieve “adequate security” for systems that will interact with covered defense
information (CDI).
NIST Special Publication 800-171A provides guidelines for how a cybersecurity assessment
for NIST 800-171 should be conducted. It can be used to identify the types of questions and
the level of rigor that can be used for an assessment.
The NIST Handbook 162 is a guide that provides information needed to understand NIST
800-171 in less technical language. It gives explanations about how controls from each of
the 14 families outlined in NIST 800-171 can be addressed and the types of questions to ask
during an assessment.
This video provides an overview of the requirements for defense contractors outlined in
NIST 800-171. It describes the NIST Manufacturing Extension Partnership (MEP) three-step
process for compliance and helps attendees to gain a better understanding of the NIST 800-171
and NIST Handbook 162 publications. Patricia Toth is a Supervisory Computer Scientist in the
Computer Security Division at NIST.
Documentation Templates and Examples
System Security Plan Templates
These documents provide examples of how a system security plan
should be structured.
The NIST Small Business Cybersecurity Corner aims to provide companies with cybersecurity
guidance, solutions, and training that is practical, actionable, and enables them to
cost-effectively address and manage their cybersecurity risks.