If you are thinking about doing business with a vendor who will see your data or connect to your infrastructure, make the following statement.
“Before we start working together, please send me your compliance document for the NIST 800-171 Cyber Security Standards.”
Chances are they won’t know what that is and won’t have anything to send you. That’s Ok. Send them to my free NIST Cyber Security Self Assessment and ask them to send you the result.
If you need help in reviewing their results, let me know.