SSP

The Department of Defense (DoD) recently issued final guidance for requiring activities to assess contractors’ System Security Plans (SSPs) and their implementation of the security controls in National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171.  A draft of this guidance was made available for public comment in April 2018.  As noted in our original post on the draft guidance, DoD’s proposed approach raised significant questions as to what role offerors’ implementation of the security controls in NIST SP 800-171 would play in bid protests, contract performance, and post award audits.  In the memorandum accompanying the final guidance documents, DoD notes that it has incorporated comments it received from the public into the final guidance.  As discussed below, although the DoD has addressed some of the issues raised by the April draft, the final guidance adds some additional concerns and ambiguities.
Continue Reading DoD Issues Final Guidance for Assessing Contractor Compliance with NIST SP 800-171