As US government contractor, your business needs to comply with certain standards set by the Department of Defense (DoD). The DFARS 7012 and NIST SP 800-171 are a significant part of these standards.
Both compliance systems have been designed to protect the contractor’s information systems. The information system may contain data provided by the DoD to the contractor. This data is referred to as the Covered Defense Information or CDI.
CDI is the unclassified information provided by the DoD to the contractor. This information may deal with the performance of the contract but can be extended to collection, development, receiving, transmission, usage or storage by the contractor for the support purposes of the performance. It is significant to mention that CDI is actually a broad term. It can include technical, operational and administrative information.
The new defense requirements demand the contractors to understand the CDI more deeply. They must remember to prepare and produce sufficient protection from the information they store, process and transmit. This can be done using the controls of the NIST SP 800-171, which are the security and privacy controls for the non-federal information systems. The new requirements also state that companies should be ready for identifying and responding to the security incidents.
It is important to mention that all contractors, regardless of being prime of subsequent, must comply with the new requirements. Some companies may not be in possession of CDI but must report any exception while complying with the NIST SP 800-171 as well.
To ensure that you are meeting the compliance standards effectively regarding the DFARS 7012 and NIST SP 800-171, you need the valuable support of an expert in the field. At the RIS Group, we have a sufficient experience with business sectors associated with the DoD. Our experts have a background in military and federal/DoD contracting companies, which makes them a good source of advice for the compliance issues. We can effectively help you achieve the compliance through the FARS Part 252.204-7012 Compliance and Assessment Services.
The RIS Group can help your business handle the significant DFARS compliance concerns:
Adequate Security: There are certain controls that should be in place to ensure the security of the company information systems. These include the NIST SP 800-171 for on-premises systems and the DoD cloud computing security, clause 252.239-7010, and the NIST SP 800-171 for the cloud based systems.
Cyber Incident Reporting: Any cybersecurity issue capable of impacting the information system under the scope of the DFARS must be reported within 72 hours of identification. This requires the medium assurance certificate.
Subcontracts: Any work that is subcontracted by your business that falls under the scope of DFARS must be handed to compliant subcontractors only.
For more details regarding the issue, please contact us today!
RIS Group is a leader in cybersecurity solutions that help organizations whether small, medium or large to reduce the risk of cyber breaches and demonstrate compliance. We are best in tightly integrating and automating all eight critical IT GRC components: Risk Management, Compliance Management, Audit Management, Vendor Management, Incident Response Management, Vulnerability Management and Policy Management.Read More
17323 Jefferson Davies Highway, Dumfries VA 22026