Compliance Archives

Complying with DOD Cybersecurity Requirements: What do NIST 800-171 Revision 2 and 800-171B Drafts Mean for Your Business?

June 24, 2019 / 3 minutes of reading / By Eric Noonan

NIST 800-171 Revision 2 and 800-171B drafts were released for comment last week, and as expected there have been no major changes proposed to the controls in NIST 800-171 Revision 2. For DOD contractors waiting to implement the required security requirements of NIST 800-171 Revision 1 pending the latest updates, the proposed updates won’t buy you any time. The fact is enforcement is underway and compliance with DOD cybersecurity requirements is a go/no go decision if you are serious about being eligible to do business with the DOD.

Complying with DOD Cybersecurity Requirements: What do NIST 800-171 Revision 2 and 800-171B Drafts Mean for Your Business? Read More »

Beyond SSP’s and POA&Ms; Successfully Implementing the NIST 800-171 Security Requirements

June 18, 2019 / 3 minutes of reading / By Eric Noonan

The recently announced Cybersecurity Maturity Model Certification (CMMC) scheduled for completion by January 2020 has many DOD contractors scrambling to anticipate how to prepare. While there are many unknowns regarding what the CMMC will ultimately look like, DOD contractors should focus on what is already known and currently mandatory with DFARS 252.204-7012, which requires the implementation of NIST 800-171. Stop trying to read the tea leaves and doing the bare minimum by writing System Security Plans (SSP’s) and start implementing the 110 security requirements of NIST 800-171. Demonstrable action, that is NIST 800-171 control implementation, is the best way to prepare for the CMMC.

Beyond SSP’s and POA&Ms; Successfully Implementing the NIST 800-171 Security Requirements Read More »

An aerial view of the pentagon with a computer code overlay

Recent News: Act Now to Achieve NIST 800-171 Compliance or Risk Your Ability to Contract with the DOD

June 14, 2019 / 3 minutes of reading / By Eric Noonan

The window of opportunity for achieving compliance with DFARS 252.204-7012, which requires the implementation of NIST 800-171 across the DOD supply chain, continues to get smaller as the ability to self-certify is set to expire.

CyberSheath attended the Professional Service Council’s 2019 Federal Acquisition Conference where Special Assistant to DOD’s Assistant Secretary of Defense Acquisition for Cyber Katie Arrington stated clearly that “…cost, schedule, and performance cannot be traded for security.” Security is the foundation of defense acquisition.

Recent News: Act Now to Achieve NIST 800-171 Compliance or Risk Your Ability to Contract with the DOD Read More »

DFARS 252.204-7012 and NIST SP 800-171 Compliance: What Defense Contractors Need to Know

May 20, 2019 / 4 minutes of reading / By Eric Noonan

With the Department of Defense (DOD) promising the release of an update to NIST Special Publication 800-171, it is imperative defense contractors understand what DFARS 252.204-7012 and NIST SP 800-171 Clause is and how noncompliance with the Clause will impact their business.

DFARS 252.204-7012 and NIST SP 800-171 Compliance: What Defense Contractors Need to Know Read More »

A computer screen with a locked blue lock

Understanding the NIST Risk Management Framework (RMF)

May 17, 2019 / 4 minutes of reading / By Casey Lang

Adopt the RMF to cope with growing risk and comply with strict legislation— think defense (DFARS), healthcare (HIPAA), and retail/payment (PCI).

Understanding the NIST Risk Management Framework (RMF) Read More »

A person touching floating icons with different domains

Who’s Been Playing Solitaire on the Domain Controller?

November 12, 2018 / 4 minutes of reading / By Richard Brechwald

Cybercriminals are constantly looking for ways into your system.

Who’s Been Playing Solitaire on the Domain Controller? Read More »

A person pointing at different technology icons

That Doesn’t Apply To Us; We Do That In The Cloud

November 6, 2018 / 4 minutes of reading / By Richard Brechwald

Companies are becoming increasingly enamored with the advantages offered by cloud computing. However, many mistakenly assume that once you upload your data, it’s up to the cloud service provider (CSP) to keep it all safe and sound.

That Doesn’t Apply To Us; We Do That In The Cloud Read More »

A laptop displaying code with code graphics overlaid over image.

Measure Once, Comply Many® — Cybersecurity Compliance As a Natural Outcome of Operational Security

October 25, 2018 / 4 minutes of reading / By Eric Noonan

In today’s digital world, no matter what type of sensitive data you handle, attackers are hard at work developing ways to access it. The rash of high-profile security breaches making headlines every day is clear evidence of the struggle businesses

Measure Once, Comply Many® — Cybersecurity Compliance As a Natural Outcome of Operational Security Read More »

A man sitting working on a laptop and a tablet displaying code with open locks graphics over his laptop.

NIST Compliance — It’s Never Too Late!

October 23, 2018 / 4 minutes of reading / By Richard Brechwald

On December 31, 2017, the deadline passed for defense suppliers to comply with NIST 800-171, a requirement specified in Defense Federal Acquisition Regulation Supplement 252.204-7012 “Safeguarding Covered Defense Information and Cyber Incident Reporting.” This mandate attempted to ensure a higher

NIST Compliance — It’s Never Too Late! Read More »

A person touching the screen with the words DFARS deadline

The Procrastinator’s Blueprint for NIST 800-171 Compliance

October 18, 2018 / 4 minutes of reading / By Heather Davis

On December 31, 2017, the deadline for compliance with the NIST 800-171, a mandate for contractors serving local and federal governments, came and went. This Special Publication provided guidance on the processes and procedures needed to adequately safeguard controlled unclassified

The Procrastinator’s Blueprint for NIST 800-171 Compliance Read More »