Cloud IT Security Compliance for government contractors DFARS 252.204-7012 (“DFARS 7012”) which invokes NIST SP 800-171


Back to Blog

Another day,… another regulation. On November 17, 2017 the government requires all contractors that sell anything to the government or a government entity to comply with DFARS 252.204-7012 (“DFARS 7012”) which invokes NIST SP 800-171. What does all this mean? Simply put government contractors need an I.T. Security Policy. Based on DFARS 252.204-7012 (“DFARS 7012”) NIST SP 800-171 it doesn’t matter where you host your data, on premise or in the cloud the same rules now apply.

In order to meet compliance in the cloud for DFARS 252.204-7012 (“DFARS 7012”) NIST SP 800-171 a government contractor must have a documented IT Security policy which meets the security parameters defined in the regulation. Those security policies then need to be implemented and tested in your environment whether your hosting data on premise or in the cloud. Some of the regulation requirements are obvious; password policies, idle session time out policy and a disclaimer upon login identifying to end users they are accessing sensitive information. However, dig deeper and the regulation can get extremely broad and complex to understand, especially if you are hosting data in the cloud.

Cloud hosting and compliance with DFARS 252.204-7012 (“DFARS 7012”) NIST SP 800-171 means you have to be concerned about your own security policy and possibly the policy of your cloud provider. Then of course, that all depends on what kind of hosting you’re doing, public cloud, private cloud, etc. The lines seemingly can get blurred. However, partner with a cloud provider that has extensive knowledge of regulatory compliance standards and you can take the guesswork out of government complaint cloud hosting.

At DTS we provide documentation services and IT Security polices to assist customers to ensure they have the proper paperwork in place to pass a regulatory audit. Then we can adjust or tailor the private cloud security configuration to ensure it meets or exceeds the security parameters necessary to conform to compliance. Don’t wait until the audit strikes or until your customer asks you for your IT security policy and you potentially blow a deal. Contact DTS today to discuss your audit and compliance concerns. Speak with the experts on cloud hosting and DFARS 252.204-7012 NIST SP 800-171 compliance for cloud hosting. Contact us today