Get a Competitive Advantage in the JCP by Achieving NIST 800-171 Compliance + Increasing your SPRS Score

The Joint Certification Program (JCP) streamlines access to unclassified military technical data for US and Canadian contractors working with the U.S. Department of Defense (DoD) and Canadian Department of National Defence (DND). Recent updates have added a crucial step for JCP applicants: a documented NIST 800-171 assessment and calculating a Supplier Performance Risk System (SPRS) score.

This post outlines the Joint Certification Program, explains the NIST 800-171 requirement, and demonstrates how PreVeil can assist defense contractors in navigating this evolving landscape.

What is the Joint Certification Program (JCP)?

The JCP is a program established in 1985 to facilitate secure information sharing between the US and Canada. JCP certification allows eligible companies access to unclassified, export-controlled technical data critical to national defense. This data can include blueprints, software, operating instructions, and other technical information.

The New NIST 800-171 Requirement for JCP Applicants

As of November 30th, 2020, JCP applicants must have their NIST 800-171 assessment documented in the SPRS. This requirement stems from the Defense Federal Acquisition Regulation Clause (DFARS) 252.204-7012, which mandates NIST 800-171 compliance for all DoD contractors and subcontractors.

What is NIST 800-171?

NIST Special Publication (SP) 800-171 provides a framework for protecting Controlled Unclassified Information (CUI). CUI encompasses sensitive government information that is not classified, but still requires safeguarding.

JCP Renewals and the NIST 800-171 Requirement

Many JCP certifications are approaching their five-year renewal period. Companies renewing their JCP certification for the first time since the NIST requirement came into effect will need to ensure their NIST assessment is documented in the SPRS. Failure to do so will result in a denial of their JCP application.

Simplifying JCP, NIST 800-17, and CMMC Compliance

PreVeil is a proven solution designed to help defense contractors comply with JCP, NIST 800-171, and the Cybersecurity Maturity Model Certification (CMMC) framework. Here’s how PreVeil helps over 1,200 defense contractors in the U.S. and Canada secure sensitive data & achieve compliance:

• Support for 102 out of 110 NIST 800-171 Controls: PreVeil’s File Sharing and Email platform enables contractors to protect CUI with end-to-end encryption & supports 102 out of 110 NIST 800-171 controls.
• Raise your SPRS score: Virginia Tech’s Applied Research Corp increased their SPRS score by 80 points with PreVeil.
• Pre-filled Documentation: Get pre-filled documents with approved language covering all 110 NIST 800-171 controls, including SOPs, SSP, and more.
• Futureproof Compliance: In addition to NIST 800-171, PreVeil is recognized by the DoD as being FedRAMP Moderate Baseline Equivalent, provides support for DFARS 7012 (c-g) Incident Reporting and Media Protection, and uses a FIPS 140-2 validated encryption module to protect CUI. This enables defense contractors to meet CMMC and ITAR compliance with this same system.
• Preferred Partners: We provide 1×1 support through your entire compliance journey – from prep to assessment through our network of consultants and auditors.

Don’t let the new NIST requirement for JCP applications slow you down. PreVeil’s proven solution can help you simplify your NIST 800-171 compliance & save over 60% compared to GCC High.