NIST 800-171 / FISMA / DFARS

Years ago, governments defended themselves through espionage and military engagement. Today, there are still plenty of both. However, the form they’ve taken has changed drastically. Physical spies have given way to higher levels of digital reconnaissance. To defend against these threats, the U.S government created the Defense Federal Acquisition Regulation Supplement (DFARS) in 2017.

Without getting too deep into how DFARS functions as an organization, and what countries need to be aware of DFARS compliance, here we’ll cover go through a complete step by step breakdown of how to become DFARS compliant.

Naturally, a government mandate tasked with protecting sensitive information is going to be extremely comprehensive and (at times) exhausting. The NIST SP 800-171 is essentially all the inputs, outputs, regulations and requirements for any businesses looking to complete their DFARS compliant statement.

If you are a client or a business that supports clients that serve the Department of Defense (DoD) as a contractor or subcontractor you’ve likely heard of Defense Federal Acquisition Regulation Supplement (DFARS).  Protecting sensitive national defense information shared with and created and maintained by private organizations that support federal government contracts is vital to our national security. DoD contractors that process, disseminate, store or transmit Controlled Unclassified Information (CUI) are required to meet DFARS minimum security standards or risk losing existing DoD contracts and eligibility for future contracts.

The Defense Federal Acquisition Regulation Supplement (DFARS) governs the acquisition of goods and services for the Department of Defense (DoD). Both officials and contractors must comply with the requirements set forth in DFARS. As anyone who has looked at the requirements set forth in DFARS knows, DFARS itself is a complex regulatory body that is broad in scope and depth. Contractors and subcontractors that supply or work with the DoD are required to comply with DFARS or face penalties for non-compliance, making it essential to understand exactly what your DFARS compliance requirements are and how you can meet them.

What is the DFARS Checklist?

DFARS stands for Defense Federal Acquisition Regulation Supplement. Despite its best intentions, the acronym doesn’t give the layman much of a hint to its actual purpose. In simpler terms, the DFARS checklist is a security standard set forth by the Department of Defense (DoD).

Any business or entity that holds Controlled Unclassified Information (CUI) is required to meet the DFARS minimum security standards or runs the risk of losing all of their DoD contracts. This supplemental regulation summary comes from NIST Handbook 162. A complete breakdown of cybersecurity requirements and a step-by-step guide is available for your perusal. Be forewarned that the NIST handbook 162 is not the easiest read. However, it is very useful.

Companies with defense contracts may be interested to know that within NIST Handbook 162 is also information regarding NIST SP 800-171. NIST SP 800-171 and DFARS compliance are closely related but have separate requirements that all must be met in order to maintain DoD contracts.

The most recent DFARS compliance update deadline was the last day of 2017. Due to the nature of digital security, continual updates of DFARS are to be expected every few years.

DFARS are complicated security requirements that involve following some confusing instructions. RSI Security has been helping businesses of all sizes with all types of security obligations. Read on to learn how you can cross off the DFARS checklist or contact us today for more personal help.

Source: Kaspersky Lab Daily

When your grandparents used to lament about security or warn you to lock your doors at night that was as far as the concept of “security” went. No one thought an intruder could penetrate a location without physically breaking down doors. Yet today, bank robbers can steal millions of dollars from the comfort of a desk chair. On a household level, this unauthorized accessibility sounds concerning, but when considered by government agencies, the threat is terrifying. While average households possess a small amount of valuable information, governments store millions of records, usually of a sensitive nature. Realizing the potential implications of remote threats, the U.S. Government developed a set of cyber security guidelines called the Federal Information Security Management Act (FISMA). Are you looking to achieve FISMA compliance? Continue reading for an overview of the FISMA certification and accreditation process.

The Federal Information Security Act (FISMA) was introduced in 2002 to ensure that all government vendors, contractors, and partners handle confidential and sensitive information appropriately, intending to provide protection against various security threats. Depending on the nature of your business, you’re going to need to reach specific levels of compliance to avoid FISMA fines, penalties, and consequences.

No organization takes cyber security and digital privacy as seriously as the U.S. Department of Defense. It’s why the Federal Information Security Management Act (FISMA) was implemented by the DoD, setting data security standards government partners and contractors. Vendors that fail to comply with FISMA could be in for stiff fines and penalties.

Maintaining compliance with the Federal Information Security Management Act (FISMA) is essential for government agencies or private contractors that deal with those agencies. Since its formal adoption in 2003, FISMA has helped safeguard critical systems and information. Although FISMA compliance is mandatory for some, it carries with it a number of tangible benefits. In this article, we’ll break down what FISMA is, what the requirements of FISMA are, FISMA standards, and what benefits compliance with FISMA brings for covered entities. This information can help inform organizational decisions regarding whether obtaining, or maintaining, FISMA compliance can be beneficial to your organization and its cybersecurity solutions.

In 2002, the internet was ten years old but still in many ways was in its nascent stages. However, its growth had spurred the dissemination and sharing of information at a torrid rate. At the turn of the century, the term “cybersecurity” had yet to become part of the mainstream lexicon. Despite the lack of sophistication in the early days of the internet, the government realized the potential risk that digital information could pose in the wrong hands.

The term Cloud Computing appears in Google search nearly 54 million times. But The Cloud remains to be this elusive entity to the general population. Those who fit into this category either see cloud-based computing as this near-magical technology that whisks your data into another dimension for you to summon at a moments notice at your beck and call (which sounds pretty wizard-like). For those who work with the technology daily and understand its capabilities, the technology is much more simplistic than others would make it seem, even though it does have some technical nuances.