Protecting controlled unclassified information (CUI) has been in the spotlight for a while now, primarily as a major focus of the Department of Defense (DoD) over the past several years. As a member of the Defense Supply Chain, your company likely falls under the new defense cyber security regulation for this year and every year hereafter. Defense supplier SMBs / SMEs are scrambling to prove adequate compliance so as not to lose their existing contracts and to secure new ones. If you're a defense manufacturer or make products for haven't researched DFAR
The NIST Special Publication 800-171 requirement was developed to ensure that those working in conjunction with the Department of Defense would have methods in place to protect sensitive information. The regulatory document published by the National Institute of Standards and Technology and the Under Secretary for Defense Acquisition states that “protection of Controlled Unclassified Information (CUI) while residing in nonfederal information systems and organizations is of paramount importance to federal agencies and can directly impact the ability of the federal government to successfully carry out its designated missions and business operations.” It was published as a Defense Federal Acquisition Regulation Supplement, which is a defense-related version of a Federal Acquisition Regulation (or FAR), including the cyber DFARS clause 252.204-7012.
In Translation... As a small manufacturer in the defense supply chain, you have to prove that you're DFARS compliant or at least following a plan for 800-171 compliance.
More background on the DFARS cyber requirements:
NIST SP 800-171: Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations
Information Security Magazine: Small Defense Contractors Get Ready to Meet New NIST Standards