If you feel overwhelmed by the CMMC process and even where to start, you are not alone. Many...
NIST SP 800-171 Rev 3 Has Been Finalized
Yesterday, May 14th 2024, the National Institute of Standards and Technology (NIST) published the final versions of two documents:
- NIST SP 800-171 Rev. 3 Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations
- NIST SP 800-171A Rev. 3 Assessing Security Requirements for Controlled Unclassified Information
This has been a long-awaited update for NIST SP 800-171. In the past few months, there has been a lot of concern over how the new revision will impact current contracts. Current contracts with the DFARS 252.204-7012 clause will only need to meet NIST SP 800-171 Rev. 2 until the memorandum published by the Office of The Under Secretary of Defense is rescinded. For those looking at CMMC 2.0 compliance, we expect that there will be no changes any time soon to the assessment requirements.
In the coming weeks, look for a new blog post where we review the changes in NIST SP 800-171 and how they could potentially impact your compliance in the future.