NIST 800-171 / DFARS / CMMC

Over the last two decades, the role of IT departments has undergone dramatic change due to the growing percentage of Americans who rely upon their tablets, smartphones, or similar mobile devices to accomplish their daily work activities. As is so often the case, this progress has been a boon in some ways and a mounting problem in others, especially for IT; on one hand, the Internet of Things [IoT] has made it so employees are more efficient, on the other, it has opened up a new Pandora’s box of potential cybersecurity threats.

Security controls rarely keep pace with the security risks posed by new tech. And in the case of mobile, security threats arise from both bring your own device [BYOD] policies as well as corporately owned and personally enabled [COPE] mobile policies. In response to this looming threat, the National Institute of Security Technology [NIST] released its “Guidance on Mobile Security Report,” which we’ll outline below. Armed with these security recommendations, your business can ensure that your mobile security practices are up to date and robust.   

Years ago, governments defended themselves through espionage and military engagement. Today, there are still plenty of both. However, the form they’ve taken has changed drastically. Physical spies have given way to higher levels of digital reconnaissance. To defend against these threats, the U.S government created the Defense Federal Acquisition Regulation Supplement (DFARS) in 2017.

Without getting too deep into how DFARS functions as an organization, and what countries need to be aware of DFARS compliance, here we’ll cover go through a complete step by step breakdown of how to become DFARS compliant.

Naturally, a government mandate tasked with protecting sensitive information is going to be extremely comprehensive and (at times) exhausting. The NIST SP 800-171 is essentially all the inputs, outputs, regulations and requirements for any businesses looking to complete their DFARS compliant statement.

If you are a client or a business that supports clients that serve the Department of Defense (DoD) as a contractor or subcontractor you’ve likely heard of Defense Federal Acquisition Regulation Supplement (DFARS).  Protecting sensitive national defense information shared with and created and maintained by private organizations that support federal government contracts is vital to our national security. DoD contractors that process, disseminate, store or transmit Controlled Unclassified Information (CUI) are required to meet DFARS minimum security standards or risk losing existing DoD contracts and eligibility for future contracts.

The Defense Federal Acquisition Regulation Supplement (DFARS) governs the acquisition of goods and services for the Department of Defense (DoD). Both officials and contractors must comply with the requirements set forth in DFARS. As anyone who has looked at the requirements set forth in DFARS knows, DFARS itself is a complex regulatory body that is broad in scope and depth. Contractors and subcontractors that supply or work with the DoD are required to comply with DFARS or face penalties for non-compliance, making it essential to understand exactly what your DFARS compliance requirements are and how you can meet them.

What is the DFARS Checklist?

DFARS stands for Defense Federal Acquisition Regulation Supplement. Despite its best intentions, the acronym doesn’t give the layman much of a hint to its actual purpose. In simpler terms, the DFARS checklist is a security standard set forth by the Department of Defense (DoD).

Any business or entity that holds Controlled Unclassified Information (CUI) is required to meet the DFARS minimum security standards or runs the risk of losing all of their DoD contracts. This supplemental regulation summary comes from NIST Handbook 162. A complete breakdown of cybersecurity requirements and a step-by-step guide is available for your perusal. Be forewarned that the NIST handbook 162 is not the easiest read. However, it is very useful.

Companies with defense contracts may be interested to know that within NIST Handbook 162 is also information regarding NIST SP 800-171. NIST SP 800-171 and DFARS compliance are closely related but have separate requirements that all must be met in order to maintain DoD contracts.

The most recent DFARS compliance update deadline was the last day of 2017. Due to the nature of digital security, continual updates of DFARS are to be expected every few years.

DFARS are complicated security requirements that involve following some confusing instructions. RSI Security has been helping businesses of all sizes with all types of security obligations. Read on to learn how you can cross off the DFARS checklist or contact us today for more personal help.

Business owners should know the answer to the question, how prepared is your business to face cyber threats? However, most do not. The National Institute of Standards and Technologys (NIST) cybersecurity framework is one of the most recognized structures for improving sensitive data security against todays cyber threats from all devices. Meant to be a voluntary framework for taking security measures to identify and minimize cybersecurity risks, the NIST framework has been used in a wide variety of industries. In this article, well break down why the NIST framework was created, how it is structured, and how it helps to create a robust cybersecurity risk-management strategy. The NIST framework can be daunting at first, particularly for smaller organizations that may not be sure how to leverage the framework to create actionable insights into gaps in their cybersecurity. The information provided in this article should prove as a helpful starting place for organizations wishing to get a brief introduction to the NIST framework, as well as highlight some of the key advantages that adopting the NIST framework brings to organizations of any size.