By Keith Millett | Sep 29, 2017 | Product of the Month

The DFARS NIST SP 800-171 compliance deadline of December 31, 2017 is rapidly approaching. 

What is DFARS and how does it affect my business?

DFARS is the Defense Federal Acquisition Regulation Supplement, a three-page interim rule that revises an earlier rule addressing the Safeguarding of Covered Defense Information. This rule requires all government contractors to be able to demonstrate compliance with the safeguards set out in NIST SP 800-171 no later than December 31, 2017. Organizations that are not DFARS compliant risk losing their government contracts and / or any business relationships related to customers that provide products or services to the federal government.

About NIST SP 800-171

NIST Special Publication 800-171 is titled “Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations”. As this title might imply, it recommends methods of protecting Controlled Unclassified Information (CUI) when that information is processed, stored, or transmitted by organizations that are not federal entities or direct contractors of federal entities. Beyond this explicitly-stated purpose, SP 800-171 is an excellent tool for evaluating an organization’s security posture at a very high level, which may be attractive for organizations who have not yet engaged with a security consultant to have its information security management program evaluated.

How does CTI’s SHIELD Controls Express leverage NIST SP 800-171 to evaluate my business’s DFARS readiness?

CTI’s SHIELD Controls Express assessment was created with NIST SP 800-171 as its foundation. The tool used by CTI consultants during this assessment allows for an efficient, painless evaluation of the customer’s information security environment without sacrificing the depth and comprehensiveness of the NIST guidelines. Each control requirement comprising the fourteen (14) controls families defined by NIST is addressed, ensuring that the final report provided by CTI accurately portrays an organization’s compliance with NIST and, by proxy, DFARS requirements.


  1. Improve Knowledge and Understanding of Security Risks
    The information that you will gather from the assessment will improve your knowledge and understanding of the current information concerning IT security risks.
  2. Establish Internal Awareness of Information Security Risks
    Improves  internal awareness helps identify security holes quicker and more informed decisions can be made by management, and other weaknesses present in the processing, storing and channeling of data throughout the organizational security controls.
  3. Improve the Overall Security System
    Assessments can improved overall security posture and put the organization in a position to proactively secure and resolve any weakness before it is exploited by unlawful hackers.
  4. Meet Regulatory Compliance Standards
    Regulatory compliance standards must be followed in many industries. If these standards are not adhered to, the company usually faces fines and penalties, and in some extreme cases imprisonment. To help forgo the penalties, a security assessment is undertaken to evaluate current IT security posture of an organization and provide strategies and recommendations to meet the industry standards and requirements.


To learn more and schedule your SHIELD Controls Express assessment, contact CTI at or 800-606-6060.