Not complying with these regulations as of December 31, 2017 puts you at risk of losing current and future DoD contracts.
Under the Defense Federal Acquisition Regulation Supplement (DAFRS), Department of Defense contractors and subcontractors must comply with a cybersecurity program.
In order to comply with DFARS, contractors must address numerous clauses within, including:
252.204-7008: Compliance with Safeguarding Covered Defense Information Controls
252.204-7012: Safeguarding Covered Defense Information and Cyber Incident Reporting with the Application of NIST SP 800-171 controls
What is NIST SP 800-171?
NIST 880-171 applies to Controlled Unclassified Information (CUI) for non-federal systems
Based on NIST SP 800-53 Security and Privacy Controls for Federal Information Systems and Organizations
14 security control families
110 security controls