Repercussions of Not Becoming NIST Compliant
After the recent audits made in 2018, seven DoD contractors were found to have been out of compliance with NIST SP 800-171. It is left unknown whether or not those contractors will lose their contracts, but either way, this is still a major issue. DoD contractors are leaving themselves, the United States government and ultimately our servicemen and women at risk by not implementing the necessary controls mandated by NIST SP 800-171 and DFARS 252.204-7012. Along with the seven contractors that failed the audit, a recent tragic event has occurred for another contractor and the U.S. Navy.
On Friday, June 8, 2018, it was announced that Chinese government hackers compromised a Navy contractor’s internal network. American officials confirmed that large amounts of highly sensitive data (about 600 GB) relating to undersea warfare were stolen. The stolen data included information about a planned supersonic anti-ship missile. This breach occurred back in January and February of 2018. The contractor has not been identified for security reasons, but it has been stated that the contractor works for the Naval Undersea Warfare Center (NUWC), located in Newport, Rhode Island.
The stolen documents were noted to have been controlled unclassified information, or CUI, and out of all of the files, details about hundreds of mechanical and software systems were compromised. Because of the severity of the breach, the volume of documents stolen and their contents, this breach is being treated like a classified breach. The recent security standard, NIST SP 800-171, which went into effect on December 31st, 2017, states that all government contractors must protect their Controlled Unclassified Information (CUI), and all contractors must be able to provide proof that they are complying. Incidents such as this one prove just how important complying with the NIST SP 800-171 standard is. Don’t let this happen again, for our government’s sake and our men and women in uniform, and get compliant!