Resource Center Publications | DHG Views


Compliance with NIST 800-171 for Protecting Controlled Unclassified Information


The cost, schedule and performance of a contract have been the traditional “pillars” by which the Federal Government has evaluated contractors. However, with cyber-attacks against the Federal Government on the rise, the Department of Defense (DoD) has placed increased scrutiny on the security of data at its various contractors. This attention is being pushed down the supply chain to even the smallest subcontractors. A report on supply chain security, recently published by The MITRE Corporation1 , calls for security to be the new “fourth pillar” of acquisition planning, equal to cost, schedule and performance.

NIST Special Publication 800-171 is the standard against which contractors are being evaluated, and compliance with the framework will be the differentiator between companies that win contracts and those that do not. Compliance with the NIST framework was first required in DFARS 252.204-7012, and we are seeing the control set adopted by other government agencies, including the Transportation Security Administration and the Department of Homeland Security.

The four pillars: cost, schedule, performance, security

Continue Reading

Tom Tollerton
Senior Manager, DHG IT Advisory

Bill Walter
Managing Director, DHG Government Contracting

Industry Issues

Services In Focus
Alerts, News
& Publications

2018 Year End Tax Planning Letter
It is hard to believe that the year is almost over, and the holiday season is...
Read More

Targeted Improvements to Related Party Guidance for ...

On October 31, 2018, the Financial Accounting Standards Board (“FASB”)...
Read More

Revenue Recognition: A Private Company Disclosure Guide
The Financial Accounting Standards Board issued Accounting Standards...
Read More



Have You Heard of...
WCSC-TV’s Live 5
Read More

Warranty Woes in ...

Warranties seem
Read More

Case Studies