NIST has prescribed a set of 110 security requirements that are derived from a larger standard called NIST SP 800-53 that governs cybersecurity standards for government systems. December 31, 2017 was the designated deadline for implementing the controls as part of DFARS 252.204-7012 to protect confidential unclassified information (CUI) DoD has issued new guidance on how it might penalize business partners that do not adequately adhere to new security rules. NIST released templates for the System Security Plans (SSP), Plan of Actions and Milestones to help make it easier to provide the required documentation.”]