888.678.7282    Get SUPPORT

Strata Information Technology Blog


Sharing this great blog article by Brian Berger – Executive Vice President of Cytellix Cybersecurity The deadline for the supply chain to meet compliance with NIST SP 800-171 under Defense Federal Acquisition Regulation Supplement (DFARS) 252.204-7012 was December 31, 2017. As we are all aware, the enforcement and teeth of this deadline was deferred until NOW. By the end of August 2018, all contractors who have been awarded contracts to provide products or services which requires the use of Controlled Unclassified Information (CUI), will be put on notice that enforcement will begin with the new government fiscal year starting October 1, 2018. The obligation of proof is placed upon the supplier, their suppliers and their suppliers.

What does this mean for the supply chain under these contracts? Audits will begin on October 1, 2018 for proof of compliance. The two forms of remedies for failing the audits include a Corrective Action Reports (CAR) and/or loss of contract. The end of the “grace period” has come to an end as well as the request for waivers.

What will occur in the audit is not merely a documentation exercise. Many consultants provided support that includes preparing documentation and policies; however, they have not done what is necessary to fulfil the Cyber requirements under these contracts. The obligation and requirements to be compliant is not a paperwork exercise. The complete cybersecurity assessment is an aggregation of technology, networking, security, situational awareness, vulnerability awareness, policies, procedures, and the cyber event reporting obligation.

As mentioned above, the cyber-compliance requirements must be backed up by proof. Proof is defined differently by different people, but, in the end, the burden is on the suppliers to have knowledge, evidence, and awareness of all the cyber controls, implementation, vulnerabilities, real-time cyber events and processes around each control, vs a checklist.

Below are the minimum requirements:

  1. Self-Attestation of the contract obligations for compliance – Attesting to compliance
  2. System Security Plan with the following provable elements (updated periodically)
    • System Boundaries – Identify the network map, connections and segmentations initially and through the life of the contract
    • System Environments of Operations - Operating Environment where CUI is stored.
    • How are the security requirements implemented – Both policy, actual evidence and proof of the security requirements are active in real-time.
    • Relationships with or connections to other systems – Real-time situational awareness of connections and system profile information.
  3. Plan of Action & Milestones – the detailed plan of cyber gaps and remediations necessary and updated to show continuous improvements.
  4. Incident Response Plan – An approved process defined by the DoD for reporting incidents within 72-hours of the event. The 72-hour time limit is Not negotiable.
  5. Be prepared to prove your cyber resiliency with implemented “adequate” cybersecurity controls, cyber event monitoring and processes. If you cannot, your business is at risk from cyber criminals and loss of federal contracts.

The time is now to act, and both prepare for compliance and become cyber prepared. The reality is your company is listed in multiple data base directories that you potentially hold CUI – you are a high risk of being attacked. When you are attacked the nation’s, security is at risk. Become cyber prepared and protect the nation, your business and your employees.

www.cytellix.com, #cytellix

Intro to Your Tech: Authentication
Which Hosted Solution Are You Depending On?

Mobile? Grab this Article!

QR-Code dieser Seite

Tag Cloud

Tip of the Week Security Business Computing Technology Best Practices Managed IT Services Privacy Cloud Network Security Malware Internet Hackers Communications User Tips Cybersecurity Software Tech Term Productivity Ransomware Backup Microsoft Passwords IT Support Business Management Smartphones Outsourced IT VoIP Efficiency Email Productivity Data Alert Business Hardware Communication Small Business Data Recovery Browser IT Services Innovation Network Google Social Media Data Backup Windows 10 Hosted Solutions Cloud Computing Mobile Device Smartphone Microsoft Office Phishing Holiday Users Collaboration Save Money Business Continuity Apps Vulnerability Data Breach Miscellaneous Android Saving Money App Bandwidth Access Control Twitter Internet of Things Computer Compliance BDR Applications Facebook Law Enforcement Workplace Tips Blockchain Patch Management Workers Office 365 Personal Information Settings Employer-Employee Relationship Remote Monitoring Scam Excel Company Culture Cybercrime Networking Politics Wireless Government Mobile Device Management Mobile Devices Wi-Fi Virtual Assistant Connectivity How To Entertainment Recovery Marketing Antivirus Maintenance Password Retail Computers Office Website Data Security BYOD Education Medical IT Vendor Management Automation Managed IT Service SaaS Spam Dark Web Managing Stress Chrome Virus Information Remote Monitoring and Management Windows Word Storage Multi-Factor Security Specifications Avoiding Downtime Movies Credit Cards Wireless Internet News Dark Data Spyware Value Television Information Technology Email Management Tech Terms Staffing Technology Efficiently Licensing Voice over IP Amazon Smart Technology instant Messaging HaaS Printer Server Tech Support Cortana Bring Your Own Device Printer iPhone Error Data loss Gadget Safety Help Desk Telephone System WannaCry Unified Threat Management HP Biometrics Sales Managed Service Provider Cost Management Streaming Media Outlook Travel Business Intelligence The Internet of Things Regulation Vulnerabilities Cleaning Printers Gadgets Budget Troubleshooting Physical Security Technology Tips Hybrid Cloud Healthcare WiFi Managed IT Leadership Access Touchscreen Router Content Filtering Hiring/Firing Employer Employee Relationship Staff RAM Current Events Shortcut Certification HIPAA Botnet VPN Document Management Database Reporting Tablet Downloads Managed Service Live Streaming Encryption Computer Care VoIPMyths Files Battery Data Management Backup and Disaster Recovery Cables Plug-In Telephone Systems Data Protection Microsoft Office 365 Gmail Automobile Websites Microsoft Teams Net Neutrality CrashOverride Mobility Remote Support Hard Drive Paperless Office Tactics Knowledge Artificial Intelligence Trends Profitability WhatsApp Wireless Charging Synergy e-waste Disaster Recovery Upgrade IT budget PowerPoint Gaming Console VoIPSavings Yahoo SSD Voice over Internet Protocol Proactive IT E-Commerce Remote Control Digital Internet Explorer Analytics Authentication Training Processors GDPR Comparison Hard Drives A.I. Scalability Phone System Eliminating Downtime Lead Generation disposal IT Management Sports Video Games Google Maps Update Emergency Telephony DDoS Inventory Payment Edge Threat IaaS Two-factor Authentication Authorization Dongle Worker Security Cameras Apple Telecommute VoIP Lithium-ion battery Emoji Business Technology Instagram Mobile Security Paste Augmented Reality Laptop Printing Quick Tips Remote Computing Samsung Wireless Technology 5G Wearables Money IBM Conferencing Unified Communications Network Attached Storage Managed IT Services Hacker eCommerce Operating System Paper Telecommuting Customer Relationship Management Competition Cryptocurrency Server Management IP Address Online Shopping Environment Big Data Ink Millennials Fun Customer Service Google Drive Mobile Office IT Support Hosted Solution Domains File Sharing User Tip Virtualization Autocorrect Machine Learning Search Scheduling Copy Public Speaking Spam Blocking User Security Tip of the week Server G Suite Windows 10 Presentation

Newsletter Sign Up