When Do You Need to Meet the Requirements of NIST 800-171?

Every business that works with the US Department of Defense needs to be compliant with the Defense Federal Acquisition Regulation Supplement (DFARS). This includes both contractors who work directly with the DoD and any subcontractors that in turn work with them.

How Can A Small Business Approach Compliance?

Protecting controlled unclassified information (CUI) has been a top priority for the Department of Defense and its 200,000-strong supply chain in recent years. Facing increasing threats from state-sponsored attackers and cybercriminals, defense contractors and their subcontractors are now under increasing pressure to step up their cybersecurity.

Understanding Subcontractor Responsibilities

The Defense Industrial Base (DIB) is one of the largest supply chains in the world, employing over a million people in 200,000 organizations. Protecting that supply chain from threats such as state-sponsored attackers and cybercriminals is no easy task, which is why there are strict rules in place governing the collection and usage of data pertaining to the DoD.

What Does the Term ‘Adequate Security’ Really Mean?

The DFARS 252.204-7012 documentation requires defense contractors and subcontractors to implement adequate security measures to protect controlled unclassified information (CUI). This is, of course, an extremely vague term that, by itself, is rather unhelpful.

What You Need to Know About Cyber Incident Reporting

Defense contractors operate in one of the most heavily regulated industry sectors of all. They face a wide range of threats from various sources, such as insider threats, social engineering, and state-sponsored attacks. Taking every possible step to achieve the standards demanded by the DFARS 252.204-7012 framework is essential to mitigate those risks and validate your efforts to remain compliant.

5 Ways an MSP Is Your Biggest Compliance Ally

Defense Federal Acquisition Regulation Supplement (DFARS) Clause 252.204-7012 covers everything contractors must know about safeguarding covered defense information (CDI) and reporting cyber incidents. The Department of Defense (DoD) implemented DFARS 7012 to guide contractors and their suppliers on how to secure CDI that they store, transmit, or process. 

Why Monitoring Is Key to System Integrity

Working as a contractor for the DoD requires compliance with the DFARS 252.204-7012 rules, which are based on the globally recognized NIST 800-171 guidelines. Meeting these rules is not a one-time fix, but rather something that must be maintained with continuous monitoring and improvement. Above all, security must take a proactive stance, in which contractors have the necessary systems and ...

How Strong Are the Boundaries of Your Systems?

DFARS 252.204-7012 Security Requirement 3.12.4 requires contractors of the Department of Defense to create and regularly update a system security plan. This plan should describe the boundaries of your systems and the relationships between these systems.

How A DFARS Gap Assessment Helps You Evaluate Security

Keeping up with the demands of compliance is a constant challenge, especially for companies operating in a highly regulated sector like the Defense Industrial Base. DFARS 252.204-7012 compliance, which is based on the NIST 800-171 framework, comes with many responsibilities and obligations. To maintain your existing contracts, as well as win requests for proposals for lucrative new projects, it ...

DFARS 252.204-7012: Are the Safeguards for Your IT Systems Enough?

Every business faces a unique set of risks across a number of key domains. If your company stores, processes, or transmits controlled unclassified information (CUI) in the capacity of a defense contractor, then you will need to ensure all these risk areas are accounted for. This is essential for upholding your DFARS 252.204-7012 obligations and winning new contracts from the DoD.