Understanding the Purpose of NIST CSF Controls

The NIST Cybersecurity Framework was first released in 2014 with the purpose of promoting better risk management and innovation across the critical infrastructure sector in the US. Since then, it has been widely adopted around the world across a multitude of industries, including defense, healthcare, and legal.

Why is the NIST Cybersecurity Framework Important?

Organizations of all types and sizes face unrelenting threats from malicious actors, including organized cybercrime, corporate espionage, and state-sponsored attackers. Every business owes it to itself, its stakeholders, and its customers to take a proactive stance toward IT security and risk management, which is why the NIST Cybersecurity Framework has been adopted globally as the gold ...

The Basics of Designing A System Security Plan

The DFARS 252.204-7012 clause requires that all contractors and subcontractors of the US Department of Defense maintain an up-to-date system security plan (SSP). You will likely be asked to provide this plan before you can sign any contract with the DoD as evidence showing that your organization has achieved an adequate level of security. Your SSP should align with the requirements of the NIST ...

What Are the Consequences of Noncompliance?

Navigating DFARS 252.204-7012 compliance requirements can be challenging. It requires tightening DFARS-specific security controls, an area in which the expertise of compliance specialists who can help fill the gaps in your IT systems will prove invaluable. More importantly, they can help ensure you abide by your contract with the Department of Defense (DoD) to protect covered defense information (CDI) ...

What Exactly is Considered CUI?

Signing off contracts with the US Department of Defense, either in the capacity of a contractor or subcontractor, can be highly lucrative. After all, the DoD is an enormous market consisting of around 200,000 organizations that make up the Defense Industrial Base (DIB).

When Do You Need to Meet the Requirements of NIST 800-171?

Every business that works with the US Department of Defense needs to be compliant with the Defense Federal Acquisition Regulation Supplement (DFARS). This includes both contractors who work directly with the DoD and any subcontractors that in turn work with them.

How Can A Small Business Approach Compliance?

Protecting controlled unclassified information (CUI) has been a top priority for the Department of Defense and its 200,000-strong supply chain in recent years. Facing increasing threats from state-sponsored attackers and cybercriminals, defense contractors and their subcontractors are now under increasing pressure to step up their cybersecurity.

Understanding Subcontractor Responsibilities

The Defense Industrial Base (DIB) is one of the largest supply chains in the world, employing over a million people in 200,000 organizations. Protecting that supply chain from threats such as state-sponsored attackers and cybercriminals is no easy task, which is why there are strict rules in place governing the collection and usage of data pertaining to the DoD.

What Does the Term ‘Adequate Security’ Really Mean?

The DFARS 252.204-7012 documentation requires defense contractors and subcontractors to implement adequate security measures to protect controlled unclassified information (CUI). This is, of course, an extremely vague term that, by itself, is rather unhelpful.

What You Need to Know About Cyber Incident Reporting

Defense contractors operate in one of the most heavily regulated industry sectors of all. They face a wide range of threats from various sources, such as insider threats, social engineering, and state-sponsored attacks. Taking every possible step to achieve the standards demanded by the DFARS 252.204-7012 framework is essential to mitigate those risks and validate your efforts to remain compliant.