What You Need to Know About DFARS
Posted by: Brent Gage | 02/28/2018 08:00 AM | Categorized under: Regulation


WHAT IS DFARS, AND WHY ARE MY CUSTOMERS ASKING ABOUT IT?

If your customers are asking about it, you are either in the process of responding to an RFP or already have a contract with the Department of Defense (DoD). All Defense contractors that process, store, or transmit Controlled Unclassified Information (CUI) must meet the Defense Federal Acquisition Regulation Supplement (DFARS) minimum security standards by December 31, 2017 or risk losing their DoD contracts or RFP opportunities.

SO WHAT DO I NEED TO DO TO WIN OR KEEP DEFENSE CONTRACTS?

The requirements are outlined by the National Institute of Standards and Technology (NIST). NIST is a non-regulatory government agency that is responsible for the production of standards and guidelines to help government agencies protect their information and information systems. To comply with DFARS, DoD contractors and their downstream suppliers must meet the applicable controls set out in NIST Special Publication 800-171.

In NIST Handbook 162, NIST explains the steps to take in order to become DFARS compliant. The NIST Handbook is 170 pages! For reference, a link to the handbook is given at the end of this post.

Bottom line: approaching NIST 800-171 compliance on a DIY basis is like tackling a corporate tax return without an accounting degree.

IT’S A LOT OF WORK!

It is a lot of work to meet NIST 800-171 compliance, and it can also be very expensive if you try to compete with big enterprises that have an entire department dedicated to DFARS cybersecurity compliance. Their investment is routinely hundreds of thousands of dollars on an annual basis.

If you are a small or medium-sized business (SMB), this approach is just not economically feasible. In fact, many SMB product and service providers are walking away from great Defense-related business opportunities because the risk and cost are just too great. And it’s not just a problem for small businesses. Larger businesses often have dozens (or hundreds) of downstream contractors that they’re responsible for with regard to DFARS compliance.

AUTOMATE THE WHOLE PROCESS OF NIST 800-171 COMPLIANCE TO MAKE IT EASIER AND MORE AFFORDABLE

Achieving DFARS compliance per NIST.SP.800-171 for your company can be daunting, because it has been a manual and complex process. SecurityGate has automated many industry-specific security regulation and compliance standards, including the NIST 800-171 requirement, with the SecurityGate Security Risk and Compliance Management Platform. The SecurityGate Platform not only automates your internal risk assessments and provides an actionable roadmap for NIST compliance, it also automates the assessments for your downstream contractors. All data collected is presented in an easy-to-read, cloud-based dashboard where you can track progress and see where you need to focus next, anywhere and at any time from a web browser.

Contact Us for an Initial Assessment with the SecurityGate Platform. 


http://nvlpubs.nist.gov/nistpubs/hb/2017/NIST.HB.162.pdf