As part of our ongoing effort to protect against cyber attacks and other online threats, Park City has enrolled in coursework focused on NIST 800-171 compliance, with emphasis on preparation for the forthcoming CMMC. With the recent roll out of DFARS 252.204-7019 and DFARS 252.204-7020 mandating that DoD suppliers and subcontractors have a NIST SP 800-171 assessment score posted in the SPRS, Park City has been working diligently to understand the new rules so we can assist our customers in reaching compliance.
With major events like the Solar Winds hack and the Colonial Pipeline ransomware attack highlighting the potential impact of a cyber breach, it’s more important now than ever to be sure that you have robust defenses in place. For DoD suppliers who deal with Controlled Unclassified Information (CUI), you’re now required to submit at least a self-assessment score into the Supplier Performance Risk System. This score is calculated using the NIST SP 800-171 framework.
We understand that meeting the requirements put forth in DFARS 252.204-7020 and -7021 can seem like an overwhelming task. Having complied with these new rules ourselves, we are able to extend our knowledge of this topic to our customer base as they work towards their own compliance.
With the higher-level Cybersecurity Maturity Model Certification (CMMC) only a few years down the road, having a comprehensive understanding of the NIST SP 800-171 framework is crucial to being able to continue to conduct business with the government.