DFARS 252.204-7012: Are the physical safeguards protecting your IT systems enough?

In the days of widespread virtualization and cloud computing, it might seem physical security is no longer as relevant as it once was. However, this is simply not the case. All data has to live somewhere on a physical device, be that in a major data center used by hundreds of other companies or in an in-house server room exclusive to one business. While companies might not have any direct control ...

DFARS Clause 252.204-7012: Is Your Personnel Security Up to Par?

There’s a wide range of cybersecurity tools that organizations can use to reduce the risks of data compromise. However, there’s an equally wide variety of cyberthreats, and staying ahead of these requires extensive IT resources and cybersecurity knowledge. Different organizations also have to comply with various government regulations based on the type of data they handle.

DFARS 252.204-7012: What are the best ways to protect media and CUI?

The DFARS 252.204-7012 clause sets high standards governing the protection, sanitization, and secure destruction of controlled unclassified information (CUI). Compliance is mandatory for any organization that makes up part of the 200,000-strong Defense Industrial Base (DIB), which is the supply chain of the US DoD. Audits may be carried out at any time, so it is crucial that any organization ...

DFARS 252.204-7012: Tips for making sure your IT maintenance is up to standard

Unscheduled downtime costs businesses millions of dollars every year, but lost productivity is not the only threat. Maintaining the integrity of any information-bearing system is also essential for adhering to regulatory demands, such as those provided under the DFARS 252.204-7012 clause. Maintaining baseline configurations to ensure the integrity of information and security controls is also a ...

DFARS 252.204-7012: Key Identification and Authentication Protocols

Identification and authentication is one of the central pillars of any cybersecurity strategy, and it is essential to achieving compliance with the DFARS 252.204-7012 clause. Based on NIST SP 800-171, compliance requires adherence to all the primary domains of information security. This also includes measures like mandatory security awareness training, encryption of data at rest or in transit, ...

DFARS 252.204-7012: Are you equipped for configuration management?

Configuration management is one of the 14 control families covered under the NIST SP 800-171 cybersecurity framework. Adherence to the globally recognized standard is an essential part of achieving compliance with the DFARS 252.204-7012 clause. This is mandatory for any organization that makes up part of the 200,000-strong Defense Industrial Base (DIB), or any business that hopes to win requests ...

DFARS 252.204-7012: How do your accountability standards measure up?

When a data breach occurs, one of the first things business leaders tend to think about is who or what to blame. This can be a difficult question to answer, in which case the blame will likely shift throughout the organization as leaders, employees, and departments point the finger at one another, often without any solid evidence. If that situation sounds familiar, then you might have a serious ...

DFARS 252.204-7012: Could a lack of training be putting you at risk?

Most people still think of cybersecurity as a technical challenge and that only the IT department needs to worry about it. This widespread misconception is exactly the reason why employees are often the weakest link in an organization’s security posture. After all, cybercriminals have a far easier time exploiting human ignorance and unpreparedness than trying to break through encryption ...

DFARS 252.204-7012: 14 Control Families You Can’t Afford to Overlook

Any Department of Defense (DoD) contractor must comply with the security standards of the Defense Federal Acquisition Regulation Supplement (DFARS) before it can be given access to controlled unclassified information (CUI). 

5 Common Misconceptions About Managed Service Providers

Admittedly, not all managed service providers (MSPs) are created equal. As is the case in any industry, there are both good and bad options. Making the right choices depends on extensive research, as well as shaking the belief that, if you want a job done properly, you have to do it yourself.