I think this is a dumb question, but while I'm researching the answer I thought I'd come to the hub of all knowledge and pose the question here.
I'm seeing some traffic in my inbox from multiple customers regarding compliance to NIST SP 800-171, so I'm assuming that some implementation target date is approaching. This standard appears (research in progress) to address network and information security in organizations.
Since we have big aerospace customers, who occasionally provide us source control drawings, and also our own proprietary data on our network, it seems logical that we would be required to observe at least rudimentary security precautions.
But somebody in my organization touched on this topic with a customer prior to my involvement and made the statement that the requirements do not apply to us since some of our products are publicly available. Before I go step on those toes (they are upstairs) I am doing my homework.
Anybody here dealing with the NIST SP 800-171 standard, or its big brother DFARS 252.204-7012?
As always, thank you so very much for participating in this forum.