NIST 800-171 & CMMC: Two Key Questions To Assess Your Risk

You may have heard about the recent Boeing attack, but large prime contractors to the DoD are not the only ones being targeted.

All defense contractors, large, medium and small, are high-value targets for cyber attackers, especially those that handle controlled unclassified information (CUI). Why? Because CUI is of tremendous value, and a smaller contractor can be the weakest link in the supply chain and serve as the attackers' initial point of entry into it.

Do you know what happened in the APT40 cyberattacks?

APT40, a cyber espionage group sponsored by the government of China, used a variety of tactics and techniques and a large library of custom and open-source malware to compromise defense contractors handling CUI, and exfiltrated high-value data of national security impact.

In a recent blockbuster case, U.S. prosecutors indicted three individuals linked to APT40 for breaking into defense contractors that handle CUI.

This case goes to show that it can happen to any defense contractor. Here is what the FBI's Nick Arico said on a CyberCatch podcast:

“This is a perfect example of the threat we face today, especially in the defense sector, and why companies need to make sure cybersecurity controls are in place to prevent incidents in the first place and if one happens to be prepared to swiftly contain and mitigate. APT 40 took advantage of weak or missing controls.”

- Nick Arico | Supervisory Special Agent & Supervisor of Cyber National Security Squad, FBI


Complying with NIST SP 800-171 is not only a contractual requirement for any contractor that handles CUI (it is flowed down through the DFARS clause in your contracts) but also provides real security and cyber risk mitigation. If your company handles CUI, you must complete a compliance assessment and implement the 110 security requirements in NIST SP 800-171 today, and soon have that implementation verified under CMMC. These requirements help you prevent, detect and respond to threats so that you do not become the next victim.

Also, failing to comply, or misrepresenting your compliance, can create significant liability under the False Claims Act, which is the tool the DoJ's Civil Cyber-Fraud Initiative uses to pursue contractors that misstate their cybersecurity posture.

Recently, Aerojet Rocketdyne agreed to pay $9 million to resolve allegations that it violated the False Claims Act by misrepresenting its compliance with cybersecurity requirements in certain federal government contracts.

But complying with NIST SP 800-171 is not that easy. It is fraught with pitfalls, and under the DoD Assessment Methodology each of the 110 requirements carries a weight of 5, 3 or 1 points. Your assessment starts at a perfect score of 110, and for each requirement that is not implemented you lose its full weight, so the score can drop well below zero.
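To make the scoring rule concrete, here is an added example of a weighted-deduction scorer in the style of the DoD Assessment Methodology. It is not CyberCatch's tool and not code from this page. The requirement IDs and their weights are a constructed sample (verify every weight against the published methodology before relying on it), the partial-credit table is what the example's author believes the methodology allows, and treating a "stale" periodic control (scan, review or update not performed on schedule) as not implemented is an assumption of the example.

```python
"""Weighted-deduction scorer modelled on the DoD NIST SP 800-171 Assessment
Methodology. Added example; not CyberCatch's software or page code."""

MAX_SCORE = 110  # score when all 110 requirements are implemented

# Constructed sample subset of requirement IDs with their 5/3/1 weights.
# Weights here are the example author's understanding of the methodology;
# check them against the published table before using them for real work.
WEIGHTS = {
    "3.1.1": 5,    # limit system access to authorized users
    "3.1.8": 1,    # limit unsuccessful logon attempts
    "3.3.1": 5,    # create and retain audit logs
    "3.4.6": 3,    # employ least functionality
    "3.5.3": 5,    # multifactor authentication
    "3.11.2": 5,   # scan for vulnerabilities periodically
    "3.13.11": 5,  # FIPS-validated cryptography for CUI
    "3.14.2": 5,   # protection from malicious code
}

# Requirements where the methodology allows a reduced 3-point deduction instead
# of 5 when partly met (MFA only on remote/privileged access; encryption in
# place but not FIPS-validated). Assumed here; see the lead-in.
PARTIAL_CREDIT = {"3.5.3": 3, "3.13.11": 3}

VALID_STATUS = {"implemented", "partial", "stale", "not_implemented"}


def deduction(req_id: str, status: str) -> int:
    """Points lost for one requirement given its assessed status.

    'stale' means the control exists but its periodic activity has not been
    performed on schedule; this example scores it exactly like
    'not_implemented' (an assumption of the example).
    """
    if status not in VALID_STATUS:
        raise ValueError(f"unknown status {status!r} for {req_id}")
    weight = WEIGHTS[req_id]
    if status == "implemented":
        return 0
    if status == "partial":
        # Without a defined partial-credit rule, partly met is scored as unmet.
        return PARTIAL_CREDIT.get(req_id, weight)
    return weight  # 'stale' and 'not_implemented' lose the full weight


def assessment_score(statuses: dict) -> int:
    """110 minus all deductions over the catalogued requirements.

    A catalogued requirement missing from 'statuses' is scored as not
    implemented, because an assessor gives no credit without evidence.
    Requirements outside the sample catalogue are ignored (treated as met).
    """
    lost = sum(deduction(r, statuses.get(r, "not_implemented")) for r in WEIGHTS)
    return MAX_SCORE - lost


def minimum_score(weights=WEIGHTS) -> int:
    """Lowest reachable score if every catalogued requirement is unmet.
    With the full 110-requirement catalogue (total weight 313) this is -203."""
    return MAX_SCORE - sum(weights.values())


# Constructed sample assessment for a small contractor.
SAMPLE_ASSESSMENT = {
    "3.1.1": "implemented",
    "3.1.8": "not_implemented",  # loses 1
    "3.3.1": "implemented",
    "3.4.6": "partial",          # no partial credit defined: loses 3
    "3.5.3": "partial",          # MFA on remote/admin only: loses 3 not 5
    "3.11.2": "stale",           # quarterly scan missed: loses 5
    "3.13.11": "implemented",
    # "3.14.2" has no evidence recorded: loses 5
}

if __name__ == "__main__":
    print("score:", assessment_score(SAMPLE_ASSESSMENT))
    print("floor for this catalogue:", minimum_score())
```

The sample assessment scores 93 out of 110: seventeen points lost across five requirements, two of them (the missed scan and the requirement with no evidence) costing the full five points even though the contractor would likely describe both controls as "in place".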

Watch CyberCatch’s NIST 800-171 & CMMC webinar to learn the common pitfalls and how to avoid non-compliance.

Do you know the answers to the following two key questions? If not, you are at risk.

  • Do you know which of the 110 requirements in NIST SP 800-171, if not implemented or not updated periodically, will automatically result in a zero score?
  • Do you know what your score out of 110 would be if you do not test your controls periodically, and how that would put you out of compliance with NIST SP 800-171?

This is why you must take NIST SP 800-171 very seriously: it is a contractual requirement for a reason. And this is why you need CyberCatch as your trusted partner for compliance.

CyberCatch is the optimal solution for defense contractors to attain compliance quickly, without breaking the bank. CyberCatch’s expert team and AI-Enabled Cybersecurity Solution enables compliance and cyber risk mitigation in 2 weeks or less.

Here’s an endorsement from Dr. Marv Langston:

“DoD has raised the bar with NIST 800-171 and CMMC. CyberCatch is a must-have solution for defense contractors to comply and mitigate cyber risk. I am proud to endorse CyberCatch and serve on the Board of Directors.”

- Dr. Marvin Langston, Former Deputy CIO, U.S. Department of Defense; Director, Information Systems, DARPA; CIO, U.S. Navy

CyberCatch serves a variety of customers, many of them defense contractors throughout the U.S., who are raving about the value we deliver. Watch the 3-minute video from one of our valued customers and you will understand our secret to success.

Contact our team today to attain compliance with NIST 800-171 and CMMC quickly, avoid penalties and keep your business safe.
