DFARS

Checklists

Beyond SSP’s and POA&Ms; Successfully Implementing the NIST 800-171 Security Requirements

The recently announced Cybersecurity Maturity Model Certification (CMMC) scheduled for completion by January 2020 has many DOD contractors scrambling to anticipate how to prepare. While there are many unknowns regarding what the CMMC will ultimately look like, DOD contractors should focus on what is already known and currently mandatory with DFARS 252.204-7012, which requires the implementation of NIST 800-171. Stop trying to read the tea leaves and doing the bare minimum by writing System Security Plans (SSP’s) and start implementing the 110 security requirements of NIST 800-171. Demonstrable action, that is NIST 800-171 control implementation, is the best way to prepare for the CMMC.

Beyond SSP’s and POA&Ms; Successfully Implementing the NIST 800-171 Security Requirements Read More »

An aerial view of the pentagon with a computer code overlay

Recent News: Act Now to Achieve NIST 800-171 Compliance or Risk Your Ability to Contract with the DOD

The window of opportunity for achieving compliance with DFARS 252.204-7012, which requires the implementation of NIST 800-171 across the DOD supply chain, continues to get smaller as the ability to self-certify is set to expire.

CyberSheath attended the Professional Service Council’s 2019 Federal Acquisition Conference where Special Assistant to DOD’s Assistant Secretary of Defense Acquisition for Cyber Katie Arrington stated clearly that “…cost, schedule, and performance cannot be traded for security.” Security is the foundation of defense acquisition.

Recent News: Act Now to Achieve NIST 800-171 Compliance or Risk Your Ability to Contract with the DOD Read More »

A blue transparent gavel and block graphic overlaid with code

Compliance with DFARS 252.204-7012 & NIST 800-171; Expect 2019 to be the year of audit and enforcement

In 2019 Prime and Subcontractors can expect to be audited against actual implementation the DFARS 252.204-7012 & NIST 800-171 security requirements. For those taking a wait and see approach to the impact of your ability to do business with the DOD without implementing NIST 800-171; you just got your answer, 2019 will be a year of reckoning for non-compliant Prime and subcontractors. With the ability to request a contractor’s plan to track flow down of Covered Defense Information (CDI) and request the contractor’s plan to assess the compliance of their own suppliers, Prime contractors are expected to document and demonstrate enforcement of their own supply chain’s compliance. If you have delayed documenting your SSP, POA&Ms or actually implementing the NIST 800-171 requirements, CyberSheath can lead your efforts to achieve compliance by conducting a gap assessment of your compliance with NIST 800-171, writing the required System Security Plan (SSP) and leading your implementation efforts.

Compliance with DFARS 252.204-7012 & NIST 800-171; Expect 2019 to be the year of audit and enforcement Read More »

A cyber incident pop up

Learn the Basics of Safeguarding Covered Defense Information and Cyber Incident Reporting

As a subcontractor on a Department of Defense contract, you have likely had flow down requirements from your primes related to DFARS clause 252.204-7012, commonly referred to as NIST 800-171. Learn more about these two requirements and achieve compliance before the December 2017 mandate.

Learn the Basics of Safeguarding Covered Defense Information and Cyber Incident Reporting Read More »

A laptop displaying code with code graphics overlaid over image.

Measure Once, Comply Many® — Cybersecurity Compliance As a Natural Outcome of Operational Security

In today’s digital world, no matter what type of sensitive data you handle, attackers are hard at work developing ways to access it. The rash of high-profile security breaches making headlines every day is clear evidence of the struggle businesses

Measure Once, Comply Many® — Cybersecurity Compliance As a Natural Outcome of Operational Security Read More »