DFARS Archives

A blue transparent gavel and block graphic overlaid with code

Compliance with DFARS 252.204-7012 & NIST 800-171; Expect 2019 to be the year of audit and enforcement

November 29, 2018 / 3 minutes of reading / By Eric Noonan

In 2019 Prime and Subcontractors can expect to be audited against actual implementation the DFARS 252.204-7012 & NIST 800-171 security requirements. For those taking a wait and see approach to the impact of your ability to do business with the DOD without implementing NIST 800-171; you just got your answer, 2019 will be a year of reckoning for non-compliant Prime and subcontractors. With the ability to request a contractor’s plan to track flow down of Covered Defense Information (CDI) and request the contractor’s plan to assess the compliance of their own suppliers, Prime contractors are expected to document and demonstrate enforcement of their own supply chain’s compliance. If you have delayed documenting your SSP, POA&Ms or actually implementing the NIST 800-171 requirements, CyberSheath can lead your efforts to achieve compliance by conducting a gap assessment of your compliance with NIST 800-171, writing the required System Security Plan (SSP) and leading your implementation efforts.

Compliance with DFARS 252.204-7012 & NIST 800-171; Expect 2019 to be the year of audit and enforcement Read More »

Safeguarding Covered Defense Information & Incident Reporting Basics

November 15, 2018 / 3 minutes of reading / By Eric Noonan

As a subcontractor on a Department of Defense contract, you have likely had flow down requirements from your primes related to DFARS clause 252.204-7012, commonly referred to as NIST 800-171. Learn more about these two requirements and achieve compliance before the December 2017 mandate.

Safeguarding Covered Defense Information & Incident Reporting Basics Read More »

Protect and Report Sensitive Data

October 30, 2018 / 4 minutes of reading / By Jeff Schroeder

With the deadline for compliance with DFARS Clause 252.204-7012 having passed on December 31st 2017, many companies are still scrambling to catch up. But in their haste, many may be ignoring a vital aspect of the mandate. Chiefly designed to

Protect and Report Sensitive Data Read More »

A laptop displaying code with code graphics overlaid over image.

Measure Once, Comply Many® — Cybersecurity Compliance As a Natural Outcome of Operational Security

October 25, 2018 / 4 minutes of reading / By Eric Noonan

In today’s digital world, no matter what type of sensitive data you handle, attackers are hard at work developing ways to access it. The rash of high-profile security breaches making headlines every day is clear evidence of the struggle businesses

Measure Once, Comply Many® — Cybersecurity Compliance As a Natural Outcome of Operational Security Read More »

A man sitting working on a laptop and a tablet displaying code with open locks graphics over his laptop.

NIST Compliance — It’s Never Too Late!

October 23, 2018 / 4 minutes of reading / By Richard Brechwald

On December 31, 2017, the deadline passed for defense suppliers to comply with NIST 800-171, a requirement specified in Defense Federal Acquisition Regulation Supplement 252.204-7012 “Safeguarding Covered Defense Information and Cyber Incident Reporting.” This mandate attempted to ensure a higher

NIST Compliance — It’s Never Too Late! Read More »

A person touching the screen with the words DFARS deadline

The Procrastinator’s Blueprint for NIST 800-171 Compliance

October 18, 2018 / 4 minutes of reading / By Heather Davis

On December 31, 2017, the deadline for compliance with the NIST 800-171, a mandate for contractors serving local and federal governments, came and went. This Special Publication provided guidance on the processes and procedures needed to adequately safeguard controlled unclassified

The Procrastinator’s Blueprint for NIST 800-171 Compliance Read More »

A person using a laptop with a cyber security pop up on the screen.

3 Challenges to Meeting Supply Chain Cybersecurity Requirements

October 16, 2018 / 3 minutes of reading / By Richard Brechwald

More than two years ago, the Department of Defense (DOD) sounded the alarm for increased cybersecurity with a new set of controls designed to raise the level of safeguarding standards across the industry. The requirements specified in Defense Federal Acquisition

3 Challenges to Meeting Supply Chain Cybersecurity Requirements Read More »

CyberSheath Managed Services for Small & Mid-Size Business

October 2, 2018 / 5 minutes of reading / By Eric Noonan

Cybersecurity at small and mid-sized businesses are often under-resourced with an “Army of One” approach to compliance and risk management. Compliance with regulatory requirements like DFARs 252.204-7012, HIPAA, PCI DSS, NERC CIP, Sarbanes Oxley (SOX) and more compete with actual

CyberSheath Managed Services for Small & Mid-Size Business Read More »

A person touching a lock on a screen with the words 'cybersecurity plan'

Understanding DFARS 252.204-7012 and NIST SP 800-171

September 20, 2018 / 4 minutes of reading / By Eric Noonan

Thanks to the increasingly sophisticated and aggressive cybersecurity threats facing the U.S., there has been much focus recently on reinforcing the nation’s cybersecurity. Much of this effort has revolved around strengthening the Department of Defense (DOD) supply chain. The Defense

Understanding DFARS 252.204-7012 and NIST SP 800-171 Read More »

Beyond Compliance: DFARS 252.204-7012 – Safeguarding Covered Defense Information and Cyber Incident Reporting

June 11, 2018 / 4 minutes of reading / By Eric Noonan

The DOD Guidance provides additional information on how they might penalize business partners who fail to adhere to new security rules, including penalties and not being awarded new contracts. Aside from the obvious competitive business reasons to immediately implement the NIST 800-171 security requirements this latest theft of project Sea Dragon data is reminder of the implications to national security. Most of NIST 800-171 is just good cybersecurity hygiene that at a minimum will make contractors harder targets for hostile nation states.

Beyond Compliance: DFARS 252.204-7012 – Safeguarding Covered Defense Information and Cyber Incident Reporting Read More »