The DFARS 252.204-7012 requires contractors who are provided or generate Controlled Unclassified Information for the DoD to implement the cybersecurity standard NIST SP 800-171. The DoD IG has several reports about how this implementation is going. Let’s talk about NIST SP 800-171. Let’s learn when it applies, how it fits with the Cybersecurity Maturity Model Certification (CMMC) program and questions the contracting team can ask to know if contract cybersecurity is on-track and protecting DoD data.