NIST 800-171 / CMMC 2.0
Manufacturers involved in supply chains tied to government contracts can anticipate those awards bringing in additional revenue at levels that might not be possible otherwise. However, being successful in getting and keeping such work means complying with the Federal Acquisition Regulation (FAR) and Defense Federal Acquisition Regulation Supplement (DFARS).
FAR is a set of regulations that governs all acquisitions and contracting procedures associated with the U.S. government. DFARS accompanies FAR as an addition. The Department of Defense (DoD) is the administrative body behind DFARS, but the reach of DFARS requirements extends to more than that organization.
NIST SP 800-171 is a NIST Special Publication that provides recommended requirements for protecting the confidentiality of controlled unclassified information (CUI). Defense contractors must implement the recommended requirements contained in NIST SP 800-171 to demonstrate their provision of adequate security to protect the covered defense information included in their defense contracts, as required by DFARS clause 252.204-7012. If a manufacturer is part of a DoD, General Services Administration (GSA), NASA or other federal or state agencies’ supply chain, the implementation of the security requirements included in NIST SP 800-171 is a must.
Source: “What is NIST SP 800-171 and Who Needs to Follow it?”