By the end of the 2017 calendar year, the Federal Government will require compliance with a set of security requirements outlined in the Federal Information Security Modernization Act (FISMA). These are described in NIST’s Guides for Applying Risk Management Framework to Federal Information Systems and other associated standards/guidelines.
The Department of Defense (DoD) has developed two cybersecurity requirements for small businesses under DFARS 252.204-7012. The fourteen essential requirements, as shown in the chart, are laid out in a document called NIST SP 800-171.
Figure 1 – DFARS 252.204-7012 Security Control Families and Their Identifiers
Who is Affected?
All prime contractors and subcontractors who do business with the Department of Defense (DoD), as well as the General Services Administration and the National Aeronautics and Space Administration (NASA), will need to comply with NIST 800-171 by December 31, 2017. This includes federal contracts that deal with Controlled Unclassified Information (CUI), or sensitive information provided by the government for a contractor’s use for service delivery. CUI does not refer to publicly available information.
How We Can Help
NC State Industry Expansion Solutions (IES) and our Partners are well-positioned to support DoD contractors who need to comply with federal cybersecurity requirements. We are a natural home for this kind of work since we offer a unique combination of research and training expertise that bridges gaps between higher education, community and policy-making organizations and industry.
IES is delivering, along with the NC Military Business Center, cybersecurity training seminars that will offer participants an understanding of compliance requirements, risk and potential impact on their business should they encounter viruses, ransomware, breaches and other cyber attacks. Professionals from IES, the North Carolina Military Business Center and the North Carolina Department of Military and Veterans Affairs will lead the instruction. Through group discussions, self-evaluations and a review of standards, with relevant illustrations and examples, participants will recognize the risk and know who can help with the Cybersecurity Toolkit.
We hope you’ll join us at one of our events. Cybersecurity Education Road Shows have been confirmed for: Pinehurst, NC, Sept. 14, 2017; Charlotte, NC, Oct. 3, 2017; Swansboro, NC, Nov. 7, 2017 and Greensboro, NC, Nov. 30, 2017.
Michael Mullins is the IES Military Segment Regional Manager serving statewide military clients. Michael is a former Marine and retired Army Lieutenant Colonel who spent the majority of his career at Fort Bragg. He has extensive experience executing and managing Department of Defense training contracts in Sub-Saharan Africa, Eastern Europe, and Southeast Asia. Michael has a Bachelor’s Degree in Political Science and a Master’s Degree in International Relations. He is also a graduate of the U.S. Army Command and General Staff College.