Jeffrey Ziplow | June 30, 2017
With the threat of cybersecurity breaches on the rise, the U.S. Government has implemented new security standards for Department of Defense (DoD) contractors, including manufacturers. Defense contractors possessing covered defense information must now implement 109 safeguards that are outlined in NIST SP 800-171, “Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations.”
These new requirements apply to your organization if you possess information in the performance of your DoD contract which is listed in the Controlled Unclassified Information (CUI) Registry and is:
- Marked or otherwise identified in the contract, task order or delivery order and provided to the contractor by or on behalf of DoD in support of the performance of the contract; or
- Collected, developed, received, transmitted, used, or stored by or on behalf of the contractor in support of the performance of the contract.
What does this mean for you?
If you are a manufacturer and perform any contracted work with DoD, you are likely subject to these requirements and must comply by the end of the year or risk losing your DoD contract. With 2017 almost at the halfway point, now is the time to make sure you’re working on an implementation plan for these new regulations. We’ve created a sample implementation timeline to follow:
|
Select Vendor for Cyber Assessment |
ASAP |
|
Conduct Gap Assessment of |
By September 1, 2017 |
|
Provide DoD With Areas |
By October 1, 2017 |
|
Remediate Issues of Non-Compliance |
By December 31,2017 |
Getting Started
Contact a member of the BlumShapiro Consulting cybersecurity team to determine the next steps your organization should be taking to comply with all 109 safeguards within the timeline specified. From an initial cybersecurity assessment, to providing solutions to remediate any compliance gaps that are identified, BlumShapiro is here to help assure your organization remains in good standing with the Department of Defense.
