Implementation of NIST 800-171 security controls shows the government that your organization has implemented the requisite security controls to protect sensitive but unclassified information. 

 

DFARS Clause 252.204-7012 requires that each organization develop, document, and periodically update system security plans that describe system boundaries, system environments of operation, how security requirements are implemented, and the relationships with or connections to other systems. 

 

Additionally, the DFARS requires that each organization develop plans of actions to remediate any deficiencies found as a result of the assessment and to periodically inform the DOD on progress toward the completion of these remediation tasks. 

 

The ASCERTIS Assessment Engine produces the SSP and POA&M reports for review by DOD or other oversight organizations. For federal contractors, failure to meet the DFARS Clause will result in losing your government contracts.