Beyond SSP’s and POA&Ms; Successfully Implementing the NIST 800-171 Security Requirements
The recently announced Cybersecurity Maturity Model Certification (CMMC) scheduled for completion by January 2020 has many DOD contractors scrambling to anticipate how to prepare. While there are many unknowns regarding what the CMMC will ultimately look like, DOD contractors should focus on what is already known and currently mandatory with DFARS 252.204-7012, which requires the implementation of NIST 800-171. Stop trying to read the tea leaves and doing the bare minimum by writing System Security Plans (SSP’s) and start implementing the 110 security requirements of NIST 800-171. Demonstrable action, that is NIST 800-171 control implementation, is the best way to prepare for the CMMC.