The U.S. Department of Defense (DOD) published a rule that gives government contractors a deadline of December 31, 2017 to implement the requirements of the National Institute of Standards and Technology’s (NIST) Special Publication (SP) 800-171. This is commonly called DFARS compliancy.
These requirements protect the confidentiality of Controlled Unclassified Information (CUI) in non-federal systems and organizations. Contractors that find themselves non-compliant can be penalized with loss of contracts and associated penalties.
Critical Path Security can help. Our team has decades of experience with DOD Subcontractors, we speak the language and clearly understand the challenges.
The federal government is placing an ever-increasing emphasis on addressing cybersecurity threats. Any organization doing business with the federal government should expect these types of requirements to continue to evolve and intensify.
Contractors are obligated to rapidly report (within 72 hours of discovery) any cyber incident that affects the covered contractor’s information system, covered defense information, or the contractor’s ability to provide operationally critical support.
In addition, the reporting obligations require that contractors isolate and capture malicious activity and provide access to covered contractor information systems and other information if requested by the DOD.
Critical Path Security provides an experienced and trusted ally for those difficult situations.
Call us today!