NIST SP 800-171 DFARS users

I’m a long time Asana user - I have recently joined a DoD contractor that is subject to NIST SP 800-171

Are there any organizations out there where you are subject to NIST SP 800-171 and able to use asana without restrictions?

My reach out to Asana directly was less than helpful

We are not DFARS compliant at this time, but we are confident and proud of what we do to protect our customer’s data and, as such, have taken measures to make sure every customer has the information they need to determine exactly how Asana can be trusted. You can find the documents mentioned below in our trust.asana.com page.

To that end, we are sharing our SOC 3 report , which is a summary of our SOC 2 Type II certification produced by 3rd Party auditing firm, The Cadence Group. That document details the scope of their audit and their findings as they measured Asana practices and policies against the SOC 2 Type II criteria. The most important part of that report is that we have been affirmatively certified against those requirements. Additionally, we are sharing our ISO 27001 Compliance Certification. The Cadence Group has assessed Asana’s conformity with the defined requirements of the standard in regards to its Information Security Management Systems.

Asana’s homepage claims NASA uses asana - in theory NASA is subject to NIST 800-171 -but they might have used Asana way back when - or they may use in for the marketing team etc.