All commercial government, supply chain, manufacturing, aerospace, and automotive suppliers must implement the cybersecurity controls listed in the NIST SP 800-171 guidelines by December 31, 2017. Failure to comply will reduce or eliminate an organization’s chances of qualifying to renew contracts. The compliance requirements include a gap analysis of each organization’s cyber preparedness and ongoing, continuous improvement of cyber health.
Most small to medium-sized commercial companies face continuous challenges simply maintaining the everyday information technology and networking needed to support their core businesses. For small and medium companies that are part of the U.S. government manufacturing supply chain, these new information security compliance requirements therefore represent a unique challenge directly related to their bottom lines. Commercial supply chain organizations must follow the same guidelines as federal contractors.
The Department of Defense has issued Defense Federal Acquisition Regulation Supplement (DFARS) 252.204.7012, Safeguarding Covered Defense Information and Cyber Incident Reporting. It requires that contractors implement the security controls defined in NIST SP 800-171. With over 100 controls that must be addressed, the challenge is understanding what it means to be compliant and how to implement and maintain appropriate security safeguards. All suppliers must assess the cyber security posture of their network/system across the 14 security control domains defined in NIST SP 800-171 and be prepared to notify the DoD and the affected supply chain within 72 hours of any cyber security incident.
FROM PREVENTION TO PROTECTION
Cytellix Managed Services
NIST & DFARS Cybersecurity Compliance
Network & Vulnerability Assessment
Gap Analysis, POAM, SSP
Network Situational Awareness
Complete Enterprise Visibility
Real-time Cyber Analytics
Scaling and Integration