General Manager, Quality Assessments Division
Akron, OHContact Aaron
As previously announced in May 2021, Smithers Quality Assessments launched an Information Security Services line of offerings (Smithers Launches Information Security Services - Smithers). Within these offerings are NIST 800-171 Gap Assessment activities which can be tailored to a variety of different organizational needs, sizes, and considerations.
Specific with organizations who supply the Defense Industrial Base (DIB) or support otherwise government contract work, we are seeing DoD communications such as the below which require organizations to ensure they are completing the appropriate NIST 800-171 assessments and ensuring they are uploaded and available into the DoD Supplier Performance Risk System (SPRS).
Notice to DLA Suppliers: Export-controlled technical information is Controlled Unclassified Information (CUI)/Controlled Technical Information (CTI). DLA suppliers seeking export-controlled technical data for DLA procurement opportunities must have a current National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171 cybersecurity assessment (i.e., not more than 3 years old unless a lesser time is specified in the solicitation) posted to the DoD Supplier Performance Risk System (SPRS) to be considered for award.
DLA Suppliers who currently have an approved Enhanced Joint Certification (JCP) but have not posted their NIST SP 800-171 assessment to SPRS will not be able to access export-controlled technical data in DLA’s technical data repository after 16 August 2021. Instructions for posting an assessment on SPRS can be found at https://www.sprs.csd.disa.mil/. For additional information on NIST SP 800-171 assessments and other DoD requirements for safeguarding covered defense information please see DFARS provision 252.204-7019 and clause 252.204-7020 NIST SP 800-171 DoD Assessment Requirements.
- via www.dla.mil
Smithers is actively working with organizations to help them navigate these requirements, understand appropriate remediation opportunities as well as upload though this SPRS (above) process to ensure continual conformance with these types of DoD requirements.
If a discussion is of interest in how we can help you/your organization support these types of services, please do not hesitate to contact us.