Are you ready for the New DFARS clause on Cyber Security?
I’ve been getting a few calls and emails of late asking about the new DFARS cyber security requirements. These calls are referring to DFARS 252.204-7012, which calls for adoption of NIST SP 800-171. The timing is understandable, as this clause is starting to appear in contracts or as flow-down to subcontracts. For those not familiar, NIST SP 800-171, “Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations,” as the title implies, deals with controlled unclassified information (CUI), specifically when it’s in the possession of nonfederal systems (e.g., government contractor systems).
The definition of CUI is an interesting read for the security and management wonks. The government contractor might not be prepared to consider the data in their accounting system, like Deltek Costpoint, to be included in the definition. However, the government’s interest in making sure that a business’s proprietary information remains secure helps assure the survival of that enterprise, which is certainly in the government’s best interest.
If you’re a U.S. defense contractor or subcontractor, you’re hopefully well along in your compliance analysis and ready for the December 31, 2017 deadline. At NeoSystems, our secure, private cloud hosting and IT infrastructure is audited by an external third party. Our auditor’s SOC 2 Type 2 report maps out our controls to show compliance with NIST SP 800-171.
So, to our clients who have concerns about NIST SP 800-171 and DFARS 252.204-7012, I can say: “Grow Ahead, We Got Your Back-Office”. If you have more questions about NIST SP 800-171, DFARS 252.204-7012, and how they impact your business and ability to meet compliance requirements, please feel free to give me a call.