The DFARS 252.204-7012 requires contractors who are provided or generate Controlled Unclassified Information for the DoD to implement the cybersecurity standard NIST SP 800-171. The DoD IG has several reports about how this implementation is going. Let’s talk about NIST SP 800-171. Let’s learn where contractors start with the standard, how it fits with the Cybersecurity Maturity Model Certification (CMMC) program and questions the contracting team can ask to know if contract cybersecurity is on-track and protecting DoD data.