Department of Defense contractors and subcontractors are facing a major change to the cybersecurity regulations that govern them. The current cybersecurity standard (NIST 800-171) is being rolled into a new framework called CMMC.
NIST 800-171 / DFARS
Attentiveness and thoroughness can spell the difference between booming and bankruptcy in today’s ever-changing digital business landscape. With global e-retail sales projected to hit 47 percent this year, the need for an optimization strategy, a clear customer experience, and a practical plan for operational execution becomes more apparent for any business that wants to stay competitive.
Over the last two decades, the role of IT departments has undergone dramatic change due to the growing percentage of Americans who rely on tablets, smartphones, or similar mobile devices to accomplish their daily work. As is so often the case, this progress has been a boon in some ways and a mounting problem in others, especially for IT: on one hand, the Internet of Things [IoT] has made employees more efficient; on the other, it has opened a new Pandora’s box of potential cybersecurity threats.
Security controls rarely keep pace with the risks posed by new technology. In the case of mobile, threats arise under both bring-your-own-device [BYOD] policies and corporately owned, personally enabled [COPE] mobile policies. In response, the National Institute of Standards and Technology [NIST] released its “Guidance on Mobile Security Report,” which we’ll outline below. Armed with these recommendations, your business can ensure that its mobile security practices are up to date and robust.
HITRUST vs. NIST
With the passing of the Health Insurance Portability and Accountability Act (HIPAA) in 1996 came the need to move healthcare records onto electronic systems, although the adoption of these electronic health records (EHRs) mostly came later, after the Health Information Technology for Economic and Clinical Health Act (HITECH) was passed in 2009. With the combined set of rules and regulations, being both HIPAA and HITECH compliant became a complex puzzle for healthcare organizations to piece together.
But data and data security issues weren’t going to wait. With the significant proliferation of computers, smartphones, and other electronic devices, data security and privacy regulations needed to be streamlined and enforced. Thus, frameworks for data security and security compliance were created.
NIST and HITRUST are both frameworks that help healthcare organizations stay HIPAA compliant and avoid penalties for data security breaches. The question then becomes: which framework should be used, and are the two compatible? To explore these questions and more, read ahead.
Years ago, governments defended themselves through espionage and military engagement. Today there is still plenty of both, but the form they take has changed drastically: physical spies have given way to ever higher levels of digital reconnaissance. To defend against these threats, the U.S. government created the Defense Federal Acquisition Regulation Supplement (DFARS) in 2017.
Without getting too deep into how DFARS functions as an organization, or which countries need to be aware of DFARS compliance, here we’ll go through a complete step-by-step breakdown of how to become DFARS compliant.
Naturally, a government mandate tasked with protecting sensitive information is going to be extremely comprehensive and (at times) exhausting. NIST SP 800-171 is essentially the full set of inputs, outputs, regulations and requirements for any business looking to complete its DFARS compliance statement.
If you are a client, or a business that supports clients, serving the Department of Defense (DoD) as a contractor or subcontractor, you’ve likely heard of the Defense Federal Acquisition Regulation Supplement (DFARS). Protecting sensitive national defense information that is shared with, created by, and maintained by private organizations supporting federal government contracts is vital to our national security. DoD contractors that process, disseminate, store or transmit Controlled Unclassified Information (CUI) are required to meet DFARS minimum security standards or risk losing existing DoD contracts and eligibility for future ones.
The Defense Federal Acquisition Regulation Supplement (DFARS) governs the acquisition of goods and services for the Department of Defense (DoD). Both officials and contractors must comply with the requirements it sets forth. As anyone who has read those requirements knows, DFARS is a complex body of regulation that is broad in both scope and depth. Contractors and subcontractors that supply or work with the DoD must comply with DFARS or face penalties for non-compliance, making it essential to understand exactly what your DFARS compliance requirements are and how you can meet them.
What is the DFARS Checklist?
DFARS stands for Defense Federal Acquisition Regulation Supplement. Despite its best intentions, the acronym doesn’t give the layman much of a hint about its actual purpose. In simpler terms, the DFARS checklist is a security standard set forth by the Department of Defense (DoD).
Any business or entity that holds Controlled Unclassified Information (CUI) is required to meet the DFARS minimum security standards or runs the risk of losing all of its DoD contracts. This supplemental regulation summary comes from NIST Handbook 162, where a complete breakdown of the cybersecurity requirements and a step-by-step guide are available for your perusal. Be forewarned that NIST Handbook 162 is not the easiest read; however, it is very useful.
Companies with defense contracts may be interested to know that NIST Handbook 162 also contains information on NIST SP 800-171. NIST SP 800-171 and DFARS compliance are closely related but have separate requirements that must all be met in order to maintain DoD contracts.
The most recent DFARS compliance update deadline was the last day of 2017. Due to the nature of digital security, continual updates of DFARS are to be expected every few years.
DFARS imposes complicated security requirements and comes with some confusing instructions. RSI Security has been helping businesses of all sizes meet all types of security obligations. Read on to learn how you can cross off the DFARS checklist, or contact us today for more personal help.
The term “cloud computing” appears in Google search nearly 54 million times, yet the cloud remains an elusive entity to the general population. People in this category see cloud-based computing as a near-magical technology that whisks your data into another dimension, ready to be summoned at a moment’s notice (which sounds pretty wizard-like). For those who work with the technology daily and understand its capabilities, it is much simpler than others make it seem, even though it does have some technical nuances.
Almost every online interaction, whether a financial transaction, a company login, or a simple email conversation, requires the use of a password. With data breaches becoming more common and prolific, passwords have evolved into complex strings of characters that are difficult to remember. Ironically, this conundrum has resulted in stores selling password books for recording the numerous credentials individuals use daily; this, however, defeats the very purpose of passwords. Consequently, the National Institute of Standards and Technology (NIST) began researching past data breaches and experimenting with various password structures to identify better authentication practices. Besides its definitions for cloud computing, NIST has now also published guidelines for creating safer passwords. Do you know how to create a safe and effective password for your profiles? Learn about NIST password guidelines and NIST compliance by reading on.