NIST Supplier Cybersecurity
Per DoD clause 252.204-7012, DoD contractors and subcontractors are required to implement and comply with security requirements to protect CUI data that is stored, processed, transmitted or used to generate data related to CUI as part of contract performance. These same requirements also apply to any FN America, LLC sensitive data provided to suppliers as part of DoD contract performance.
Please contact FNA.Cyber@fnamerica.com for any cybersecurity questions.
NIST 800-171 is to be used as the security framework for protection of CUI. Contractors and subcontractors need to be in compliance with the requirements in the DFAR clause as well as the NIST security framework by the end of December 2017.
Areas of non-compliance will need to be reported to DoD within 30 days after contract award or within 30 days of any DoD related subcontract award from FN America, LLC.
These requirements need to be flowed down to any subcontractors used in the performance of any DoD contract.
Any cyber incident (as defined by 252.204-7012) related to CUI data is to be reported to DoD via a reporting website within 72 hours of the incident discovery.
FN America, LLC suppliers are responsible for meeting the requirements in DFAR 252.204-7012 and NIST 800-171 and for communicating directly with DoD as required. FN America, LLC will need to be kept informed of any compliance or incident issues as follows:
Provide a copy of any DoD NIST compliance reports as well as any deficiency communications to the FN America, LLC Procurement representative identified on any associated purchase order or contract.
For any incident (as defined by 252.204-7012) involving CUI or FN America, LLC sensitive data, notify the Procurement representative identified on any associated purchase order or contract for which the incident occurred within 72 hours of discovery.