
Strata Information Technology Blog


Sharing this great blog article by Brian Berger, Executive Vice President of Cytellix Cybersecurity.

The deadline for the supply chain to meet compliance with NIST SP 800-171 under Defense Federal Acquisition Regulation Supplement (DFARS) 252.204-7012 was December 31, 2017. As we are all aware, the enforcement and teeth of this deadline were deferred until NOW. By the end of August 2018, all contractors who have been awarded contracts to provide products or services that require the use of Controlled Unclassified Information (CUI) will be put on notice that enforcement will begin with the new government fiscal year starting October 1, 2018. The obligation of proof is placed upon the supplier, their suppliers, and their suppliers' suppliers.

What does this mean for the supply chain under these contracts? Audits will begin on October 1, 2018 for proof of compliance. The two forms of remedy for failing an audit are a Corrective Action Report (CAR) and/or loss of contract. The "grace period" has come to an end, and so has the opportunity to request waivers.

What will occur in the audit is not merely a documentation exercise. Many consultants provided support that included preparing documentation and policies; however, they have not done what is necessary to fulfil the cyber requirements under these contracts. The obligation and requirements to be compliant are not a paperwork exercise. The complete cybersecurity assessment is an aggregation of technology, networking, security, situational awareness, vulnerability awareness, policies, procedures, and the cyber event reporting obligation.

As mentioned above, the cyber-compliance requirements must be backed up by proof. Proof is defined differently by different people, but, in the end, the burden is on the suppliers to have knowledge, evidence, and awareness of all the cyber controls, their implementation, vulnerabilities, real-time cyber events, and the processes around each control, rather than a checklist.

Below are the minimum requirements:

  1. Self-Attestation of the contract obligations for compliance – attesting to compliance.
  2. System Security Plan with the following provable elements (updated periodically):
    • System Boundaries – identify the network map, connections and segmentation initially and throughout the life of the contract.
    • System Environments of Operation – the operating environment where CUI is stored.
    • How the security requirements are implemented – both policy and actual evidence and proof that the security requirements are active in real time.
    • Relationships with or connections to other systems – real-time situational awareness of connections and system profile information.
  3. Plan of Action & Milestones – the detailed plan of cyber gaps and the remediations necessary, updated to show continuous improvement.
  4. Incident Response Plan – an approved process defined by the DoD for reporting incidents within 72 hours of the event. The 72-hour time limit is not negotiable.
  5. Be prepared to prove your cyber resiliency with implemented "adequate" cybersecurity controls, cyber event monitoring and processes. If you cannot, your business is at risk from cyber criminals and from loss of federal contracts.

The time to act is now: both prepare for compliance and become cyber prepared. The reality is that your company is listed in multiple database directories as potentially holding CUI, so you are at high risk of being attacked. When you are attacked, the nation's security is at risk. Become cyber prepared and protect the nation, your business and your employees.

www.cytellix.com, #cytellix
