RECENT NEWS & ARTICLES
-
What is the Interim Rule? Defense Federal Acquisition Regulation Supplement: Assessing Contractor Implementation of Cybersecurity Requirements (DFARS Case 2019-D041)
Effective November 30, 2020, any company awarded a contract directly from DoD or from a prime requiring implementation of DFARS clause 252.204-7012 is required to have its NIST 800-171 self-assessment score documented in the Supplier Performance Risk System (SPRS) at https://www.sprs.csd.disa.mil/. The self-assessment score must not be more than three years old.
DoD contractors must include DFARS clause 252.204-7012 in subcontracts for which subcontract performance will involve covered defense information (DoD CUI).
The top five NAICS code industries expected to be impacted by this rule are as follows: 541712, Research and Development in the Physical, Engineering, and Life Sciences (Except Biotechnology); 541330, Engineering Services; 236220, Commercial and Institutional Building Construction; 541519, Other Computer Related Services; and 561210, Facilities Support Services.
To submit the Basic Assessment, the contractor is required to complete 6 fields: System security plan name (if more than one system is involved); CAGE code associated with the plan; a brief description of the plan architecture; date of the assessment; total score; and the date a score of 110 will be achieved. All of this data is available from the Basic Assessment itself, the existing system security plan, and the plans of action. The contractor selects the date when the last plan action will be complete as the date when a score of 110 will be achieved.
After a contract is awarded, DoD may choose to conduct a Medium or High Assessment of an offeror based on the criticality of the program or the sensitivity of information being handled by the contractor. Under both the Medium and High Assessment, DoD assessors will review the contractor’s system security plan description of how each NIST SP 800–171 requirement is met and will identify any descriptions that may not properly address the security requirements. The contractor provides DoD access to its facilities and personnel, if necessary, and prepares for and participates in the assessment conducted by the DoD. Under a High Assessment, a contractor will be asked to demonstrate its system security plan. DoD will post the results in SPRS.
-
Phishing Attack Prevention: How to Identify & Avoid Phishing Scams in 2019
A panel of infosec experts discuss the most common phishing attacks and how to prevent them.
-
125 New Flaws Found in Routers and NAS Devices from Popular Brands
The world of connected consumer electronics, IoT, and smart devices is growing faster than ever with tens of billions of connected devices streaming and sharing data wirelessly over the Internet, but how secure is it?