top of page

Start Your Journey Towards NIST 800-171
and CMMC Certification

1200PX_HEADER forQuestionForm

Don’t be a Victim of Cyber Attacks

Bluestreak Consulting™ can help reduce your Cybersecurity Risk.
Photo of Jet
6 Questions CEOs
Should Ask Their Staff
About DFARS &
NIST SP 800-171


  1. Are we aware of the DFARS & NIST 800-171 requirements and their applicability to our company? CEOs should ask their IT team's understanding of NIST 800-171 and whether they are aware of its relevance to their specific company. This question helps gauge the team's knowledge and awareness of the requirements.

  2. Have we conducted a thorough assessment of our company's compliance with NIST 800-171? CEOs should ask if their IT team has performed a comprehensive gap assessment (with detailed documentation) to determine the company's compliance with NIST 800-171. This includes identifying any gaps or areas that require improvement to meet the required cybersecurity standards.

  3. What steps have we taken to address the assessment gaps and ensure compliance with NIST 800-171? CEOs should ask about the specific actions and measures taken by the IT team to address any gaps identified during the compliance assessment. This question helps assess the team's progress in implementing the necessary controls and safeguards.

  4. Are our employees and stakeholders adequately trained and aware of NIST 800-171 requirements? CEOs should ask if their IT team has provided adequate training and awareness programs to employees and stakeholders regarding NIST 800-171 requirements. This question addresses the importance of cybersecurity education throughout the company.

  5. How do we monitor and assess ongoing compliance with NIST 800-171? CEOs should ask about the mechanisms and processes in place to monitor and assess ongoing compliance with NIST 800-171. This includes regular audits, reviews, and assessments to ensure continued adherence to the requirements.

  6. What is our plan for evolving and improving our cybersecurity in line with NIST 800-171? CEOs should ask about the company's strategic plan for continuously improving its cybersecurity posture in alignment with NIST 800-171. This question emphasizes the need for a proactive approach and ongoing efforts, with adequate documentation, to enhance security measures.


These questions facilitate communication between CEOs and IT teams, ensuring a shared understanding of DFARS & NIST 800-171 requirements, compliance efforts, and the company's overall cybersecurity strategy for protecting your data and your customer’s data. If there aren’t internal discussions going on now about this, your company, and future business, is at risk.  Now is the time!
















What is DFARS (252.204-7012)?


DFARS (Defense Federal Acquisition Regulation Supplement) is a set of regulations that impose cybersecurity requirements on contractors and subcontractors working with the U.S. Department of Defense (DoD). These regulations aim to protect sensitive information and ensure the integrity and confidentiality of DoD data.


DFARS includes specific cybersecurity standards and controls that contractors must implement to safeguard covered defense information (CDI) and controlled unclassified information (CUI). These standards are based on the NIST 800-171 framework.


What is NIST SP 800-171?


NIST SP 800-171 (National Institute of Standards and Technology Special Publication 800-171) is a publication that provides guidelines for protecting CUI in non-federal information systems and organizations. It establishes a set of security requirements that contractors and subcontractors must meet to handle CUI appropriately.


The NIST 800-171 framework consists of 14 different security control families, covering areas such as access control, incident response, physical security, and system and communication protection. These controls serve as a baseline for implementing security measures to protect CUI from unauthorized access, disclosure, and loss.


Both DFARS and NIST 800-171 play a critical role in ensuring the cybersecurity of defense contractors and subcontractors. They require organizations to implement adequate security controls, develop and maintain cybersecurity policies and procedures, and regularly assess and monitor their systems to protect sensitive information and fulfill their contractual obligations with the Department of Defense.


You could potentially be jeopardizing your current contracts and future business if your customers ask you to demonstrate proof of compliance.  


Let us help you secure your data and secure your future.

contact us image
bottom of page