Locklizard document security enables you to easily comply with NIST and DFAR contract requirements for protection of CUI (Controlled Unclassified Information).
Control document access, ensure information becomes inaccessible both automatically and on demand, control document use (e.g. stop printing or lock use to specific locations), log document use and enforce information security controls regardless of where documents reside.
Back in June 2015 the National Institute of Standards and Technology (NIST) published SP 800-171, for Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations. The catchy acronym CUI is used to describe the information.
The intent of the standard is to ensure that:
They define fourteen ‘families’ of security requirements for protecting CUI in nonfederal information systems and organizations. Non-federal organizations can implement a variety of potential security solutions either directly or through the use of managed services.
This standard became mandatory as of 31 December 2017 for all defense suppliers that receive a contract or subcontract subject to the new requirements. What this means is that it becomes a part of the DFAR contract requirement that suppliers will have to meet.
There are provisions that allow organizations to self-certify compliance rather than introducing a formal certification regime. But there is a sting in the tail that in the event of non-compliance being discovered, apart from contract termination there may be actions for criminal fraud and breach of contract.
If you distribute CUI information using PDF documents then you are within the scope of NIST 800-171 compliance and you should consider if you need to: