All U.S. Department of Defense contractors who process, store or transmit controlled unclassified information must meet the Defense Federal Acquisition Regulation Supplement minimum security standards.

These security controls must be implemented at both the contractor and subcontractor levels based on the information security guidance in NIST Special Publication 800-171, “Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations.”

We provide independent and confidential audits and assessments to assist you in understanding and navigating the NIST framework and criteria to ensure compliance with federal contracting law and regulations.

If your organization has suffered a data breach or incident, please contact us at any time (24/7) here and a Thompson Hine cybersecurity attorney will respond to you as soon as possible.