NIST Manufacturing Extension Partnership (MEP) is pleased to announce the publication of NIST Handbook 162 "NIST MEP Cybersecurity Self-Assessment Handbook For Assessing NIST SP 800-171 Security Requirements in Response to DFARS Cybersecurity Requirements.” The Handbook provides a step-by-step guide to assessing a manufacturer’s information systems against the security requirements in NIST SP 800-171 rev 1.
By December 31, 2017, defense contractors are required to be in compliance with Defense Federal Acquisition Regulation Supplement (DFARS) clause 252.204-7012, “Safeguarding Covered Defense Information and Cyber Incident Reporting.” The clause specifies that all Department of Defense contractors and sub-contractors that process, store, or transmit Controlled Unclassified Information must demonstrate adequate security by, at a minimum, implementing the NIST SP 800-171 security requirements.
In addition to helping defense contractors comply with DFARS, the Handbook may also be useful for other manufacturers interested in applying the NIST SP 800-171 security requirements, including those seeking to comply with the Controlled Unclassified Information Federal Acquisition Regulation (FAR) clause. Additionally, manufacturers operating in commercial supply chains may consider implementing the NIST security requirements as an integral aspect of managing their organizational risks.
The MEP National NetworkTM has been active in providing awareness and assistance to help U.S. manufacturers protect their information assets from the risks of cyberattacks. MEP Centers can provide valuable assistance to small manufacturers seeking reduction of their cyber risks and DFARS compliance.