Government contractors must update 800-171 assessment score to remain eligible for contracts
In April, the Defense Logistics Agency (DLA) reminded its supply base that according to DFARS provision 252.204-7019, Notice of NIST SP 800-171 DoD Assessment Requirements and DFARS clause 252.204-7020, NIST SP 800-171 DoD Assessment Requirements, DLA offerors must have a valid National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171 assessment and score on file in the Supplier Performance Risk System (SPRS) to be considered eligible for contract award.
NIST 800-171 is a set of guidelines and standards developed by NIST to provide security requirements for protecting the confidentiality of Controlled Unclassified Information (CUI) in non-federal systems and organizations. These guidelines were developed in response to the growing concern over cybersecurity threats to sensitive information shared between federal agencies and their contractors or partners. NIST 800-171 outlines specific security controls and requirements that non-federal entities must implement to ensure the protection of CUI when stored, processed, or transmitted in their systems.
The implementation of NIST 800-171 is typically required for organizations that do business with the federal government or handle CUI as part of their contractual obligations. Adhering to these standards helps organizations enhance their cybersecurity posture and ensure compliance with federal regulations related to the protection of sensitive information.
Suppliers are required to conduct an assessment of their own computer network security profile against the requirements of NIST 800-171 and identify their assessment score. Assessments are valid for a period of three years. It is the offeror's responsibility to update their assessment in the SPRS prior to expiration to remain eligible for awards subject to controlled unclassified information (CUI) and/or covered defense information (CDI) safeguarding requirements. For more information regarding posting or updating an assessment on SPRS, offerors should visit https://www.sprs.csd.disa.mil/