The Charles IT Blog

DFARS 252.204-7012: Key Identification and Authentication Protocols

DFARS 252.204-7012: Key Identification and Authentication Protocols

Identification and authentication is one of the central pillars of any cybersecurity strategy, and it is essential to achieving compliance with the DFARS 252.204-7012 clause. Based on NIST SP 800 171, compliance requires adherence to all the primary domains of information security. This also includes measures like mandatory security awareness training, encryption of data at rest or in transit, ...

DFARS 252.204-7012: Are you equipped for configuration management?

DFARS 252.204-7012: Are you equipped for configuration management?

Configuration management is one of the 14 control families covered under the NIST SP 800 171 cybersecurity framework. Adherence to the globally recognized standard is an essential part of achieving compliance with the DFARS 252.204-7012 clause. This is mandatory for any organization that makes up part of the 200,000-strong Defense Industrial Base (DIB), or any business that hopes to win requests ...

DFARS 252.204-7012: How do your accountability standards measure up?

DFARS 252.204-7012: How do your accountability standards measure up?

When a data breach occurs, one of the first things business leaders tend to think about is who or what to blame. This can be a difficult question to answer, in which case the blame will likely shift throughout the organization as leaders, employees, and departments point the finger at one another, often without any solid evidence. If that situation sounds familiar, then you might have a serious ...

DFARS 252.204-7012: Could a lack of training be putting you at risk?

DFARS 252.204-7012: Could a lack of training be putting you at risk?

Most people still think of cybersecurity as a technical challenge and that only the IT department needs to worry about it. This widespread misconception is exactly the reason why employees are often the weakest link in an organization’s security posture. After all, cybercriminals have a far easier time exploiting human ignorance and unpreparedness than trying to break through encryption ...

DFARS 252.204-7012: How effective are your access controls?

DFARS 252.204-7012: How effective are your access controls?

Access control is one of the fourteen groups of information security requirements specified by the NIST 800-171 standard. The standard aims to set a baseline for controlling access to any sensitive data, and adherence to it is a requirement for any organization that forms part of the Defense Industrial Base (DIB). This is according to the DFARS 252.204-7012 clause, which has been included in DoD ...

DFARS 252.204-7012: 14 Control Families You Can’t Afford to Overlook

DFARS 252.204-7012: 14 Control Families You Can’t Afford to Overlook

Any Department of Defense (DoD) contractor must comply with the security standards of the Defense Federal Acquisition Regulation Supplement (DFARS) before it can be given access to controlled unclassified information (CUI). 

What the new HIPAA compliance requirements mean for your business

What the new HIPAA compliance requirements mean for your business

Every organization within the healthcare sector, including their suppliers, is legally obliged to take every reasonable step to safeguard the confidentiality, security, and integrity of protected health information (PHI) according to the health insurance portability and accountability act. A failure to comply with HIPAA regulations can result in civil action and substantial fines, as well as ...

A Guide to New and Proposed HIPAA Regulations: What to Expect

A Guide to New and Proposed HIPAA Regulations: What to Expect

It's been several years since the Health Insurance Portability and Accountability Act of 1996 (HIPAA) was last updated, with the most recent changes being those pertaining to the Omnibus Rule in 2013. This revision saw the introduction of new requirements mandated by the Health Information Technology for Economic and Clinical Health (HITECH) Act.

A HIPAA compliance checklist for IT teams

A HIPAA compliance checklist for IT teams

As the digital transformation of healthcare continues to gain ground, adherence to the health insurance portability and accountability act (HIPAA) is more important than ever. The threats are real, and healthcare is a top target for attackers, so it’s never too soon to reevaluate your compliance posture.

5 ways to evaluate HIPAA-compliant storage services

5 ways to evaluate HIPAA-compliant storage services

The health insurance portability and accountability act (HIPAA) was introduced in 1996, when the information technology landscape looked very different to how it does today. As such, it is often difficult to interpret in the context of a modern IT environment, which typically makes use of a wide range of hosted services and mobile technologies. Neither of these things existed in any significant ...