Friday, January 12, 2018

Revised NIST Standard Might Impact Your Compliance

By: Elliot Forsyth

The information security standard set forth by the National Institute of Standards and Technology (NIST), known as NIST SP 800-171, has experienced multiple revisions since its original publication in June 2015. Following these changes, many individuals are left wondering where their company stands with compliance and what steps they must take next. The following brief history and explanation of NIST 800-171 is meant to clarify these and other questions about the standard.

In August of 2015, the Department of Defense (DoD) added an interim rule to the Defense Federal Acquisition Regulation Supplement (DFARS) which required all relevant companies with government contracts to comply with NIST 800-171 under clause 252.204-7008 and 252.204-7012. The original NIST 800-171 publication contained 109 controls that contractors had to comply with for all systems that contained Covered Defense Information (CDI), which includes Unclassified Controlled Technical Information (UCTI) and other categories of non-classified information that require special handling.

Since its release, NIST 800-171 has been superseded by NIST 800-171 Revision 1, published in December 2016 and further updated in November 2017. Among terminology changes, Revision 1 also included the addition of a new control (now 110 in total), as well as specific requirements for how a company can reach compliance. These requirements include the completion of an assessment of cybersecurity compliance, a System Security Plan (SSP), a Plan of Action and Milestones (PoAM) and an Incident Response Plan (IRP).

On September 21, 2017, the Office of the Under Secretary of Defense released a memorandum which stated that, under the DFARS clause, contractors must implement the version of the standard that was in effect at the time of contract award. Meaning, if a company signed a contract after Rev. 1 was in effect, they will follow the updated guidelines. If a company signed a contract before Rev. 1 was in effect, they may choose to leave their contract as it is or work to have their contract revised. Contractors then must work with contracting officers to modify their contracts to authorize use of the most recent version of 800-171.

To help with these contract modifications, the Office of the Under Secretary of Defense released a second memorandum on December 15, 2017 which requested that contracting officers handle contract revisions via the mass modification system. This system automates contract revisions electronically, making modifications simpler to identify and accomplish.

To put it briefly, as it stands now, all companies who have contracts containing DFARS clauses 252.204-7008 or 252.204-7012 and handle CUI should know the following information about the standard:

  • Contractors are bound to the version of NIST 800-171 that was published at the time of contract signage. However, without contract modification, they are potentially not protected or compliant based on current revisions.
  • Contracts signed under the original NIST 800-171 standard cannot necessarily consider completion of an SSP and PoAM as proof of compliance, as these documents were not listed as requirements in their contract. Contracts must first be modified in order to use these documents as proof of compliance.
  • Contractors can solicit their contract officers to have their contracts modified to include the latest version of 800-171, which will most likely be handled through the mass modification system.

The Michigan Manufacturing Technology Center (The Center) is available to assist companies who need to create and implement an SSP and PoAM. Learn more about how The Center can help your company reach compliance here.

The recent December memorandum, along with the September 2017 memorandum, can be found here.

Elliot Forsyth
Vice President of Business Operations

Elliot is Vice President of Business Operations at The Center, where he is responsible for leading practice areas that include cybersecurity, technology acceleration, marketing, market research and business development. Over the past two years, Elliot has led The Center's effort to develop a state-of-the-art cybersecurity service for companies in the defense, aerospace and automotive industries, supporting Michigan companies in safeguarding their businesses and maintaining regulatory compliance. 

Since 1991, the Michigan Manufacturing Technology Center has assisted Michigan’s small and medium-sized businesses to successfully compete and grow. Through personalized services designed to meet the needs of clients, we develop more effective business leaders, drive product and process innovation, promote company-wide operational excellence and foster creative strategies for business growth and greater profitability. Find us at

Friday, January 5, 2018

Disengaged Employees? This Post Is for You

By: Mike Beels

Most organizations now know the importance of having an engaged workforce, largely due to the undeniable link between engagement and profitability. Workforce engagement can be described as a combination of commitment to the organization and its values and a willingness to help colleagues. Essentially, it is interpreted as the execution of discretionary effort. Engagement is something the employee has to offer to the employer; it cannot be taught and it cannot be required. Casual observation will not necessarily detect a disengaged employee. Instead, thorough analyzations are required to effectively measure workforce engagement.

More and more companies are beginning to invest in efforts to track, measure and ultimately increase engagement in order to improve business results. Gallup is one organization that has collected a great deal of information on the subject. When researching sources of engagement and disengagement in the workplace, they found fundamental needs that all employees share. Below I have listed those needs, separated into categories of Basic Needs, Individual Needs, Teamwork Needs and Growth Needs, as well as Gallup’s suggested approaches for how to tackle each problem.

Basic Needs:
  • Focus Me: Employees need to know how their tasks or expectations fit with the company’s vision. Ensuring workers have clear goals and responsibilities will enable them to commit, deliver and focus on what matters most.
  • Free Me from Unnecessary Stress: Give workers the resources necessary, such as materials, equipment and information, to reach the outcomes they are attempting to achieve. Show them someone understands their individual needs by proactively seeking and positioning the right resources accordingly.

Individual Needs:
  • Know Me: Team members want to maximize their contributions. Focus on how employees are internally motivated and find activities in which they are most naturally gifted. This will lead to a boost in morale and confidence that will manifest itself in business results.
  • Help Me See My Value: Best efforts should be acknowledged and valued. Offering
    recognition that is authentic and meaningful shows workers they belong to a team where recognizing others is encouraged.
  • Care About Me: Employees should know they are more than just a number. Demonstrate concern and show personal interest in all employees, treating them as people first and employees second.
  • Support My Growth: Employees might need assistance with navigating their career paths. As they search for the right role for them, they want to know there is someone encouraging them to grow and develop, helping to push them beyond their current thinking. 

Teamwork Needs:
  • Hear Me: Regardless of industry, all employees want to feel valued. Making a significant contribution to the work environment is a main area of concern for many workers. This can bring workers closer together, as well as reinforce self-worth.
  • Give Me a Sense of Importance: Excellent performance occurs when people are deeply attached to a sense of purpose in their lives. If employees feel that their job is important, they will want to do more.
  • Help Me Feel Proud: Although adherence to standards cannot be forced, employees need to know that their colleagues are committed to producing quality work. Open and honest communication is a necessity, along with understanding and respect for each other’s efforts.
  • Build Mutual Trust with Me: Friendship is the gateway to building mutual trust, and it creates opportunities for collaboration and teamwork. When employees have trusted relationships at work, their lives become richer and productivity increases.

Growth Needs:
  • Review My Contributions: Employees want to know how they are doing, how their work is being perceived and where their work is heading. Management should meet with employees to identify tasks that align with workers’ skillsets and create a development plan that supports each individual’s full learning potential. This enables employees to maximize their contributions to the organization.
  • Challenge Me: The need to learn and grow is a natural human instinct. One way that employees can accomplish this is to find more efficient ways of completing their tasks. The best teams are never satisfied with the current way of doing things; they always strive to find better, more efficient ways to work.

Workforce engagement is an often forgotten or ignored piece of a business’ success. Unfortunately, this can be especially detrimental for manufacturers, as the industry reportedly has the lowest workforce engagement levels. With only 20 to 25% of workers engaged, it is more important than ever for manufacturers to invest in improving engagement. In doing so, employees will become more motivated and focused, leading to better results than ever before.

Mike Beels
Lean Program Manager

Mike Beels has served in the role of Lean Program Manager for the Lean Business Solutions Team at The Center for more than 12 years. Mike’s areas of expertise include Change Leadership, Workforce Engagement and Succession Planning, as well as the entire portfolio of Lean strategies and methodologies. He is a professional trainer and has the ability to command an audience and deliver the training message in a way that participants can understand in a clear, non-threatening manner. Mike always leaves trainees excited and ready to complete training transfer to the shop floor or office. 

Since 1991, the Michigan Manufacturing Technology Center has assisted Michigan’s small and medium-sized businesses to successfully compete and grow. Through personalized services designed to meet the needs of clients, we develop more effective business leaders, drive product and process innovation, promote company-wide operational excellence and foster creative strategies for business growth and greater profitability. Find us at