Objectives
- To assist the Federal Contractor implement the NIST SP 800-171 controls, and a FedRAMP Moderate Impact Level for cloud environments used to store, process, or transmit CUI
- Integrate systems and processes in a manner that helps the Federal Contractor to proactively monitor, rapidly report, and effectively address cyber incidents.
- To ensure that the Federal Contractor’s personnel are adequately trained on effective media preservation and protection methods, cyber incident reporting, and proper mechanisms to safeguard Covered Defense Information (CDI).
Background
A Federal Contractor that provides specialized equipment to the U.S. military, sought to secure and grow their position within the defense industry. However, to be eligible for DoD contracts, they needed to comply with the DFARS 252.204-7012, which requires contractors to safeguard CUI. Failure to show compliance with this regulation would jeopardize their existing contracts and restrict access to new ones, putting their business at risk.
Challenges
- Understanding DFARS 252.204-7012: The Federal Contractor had limited knowledge about the intricacies of DFARS 252.204-7012 and the specific requirements for protecting CUI, making it difficult to devise a comprehensive compliance strategy.
- Identifying and Locating CUI: The client’s challenge was to accurately identify where CUI was stored within their systems and how to implement adequate safeguards to protect it.
- Integration with Existing Systems: Integrating DFARS compliance measures into their existing IT infrastructure and business processes was a complex and challenging task considering they didn’t have adequately trained personnel.
Solutions
- DFARS 252.204-7012 Compliance Assessment: Cleared Systems conducted a comprehensive assessment of the client’s existing systems, data storage practices, and cybersecurity measures to identify gaps in compliance.
- Customized Compliance Plan: We developed a tailored compliance plan that detailed the steps necessary to meet DFARS 252.204-7012 requirements. This included implementing access controls, encryption, continuous monitoring, and incident response procedures.
- Education and Training: To address the client’s limited knowledge, we provided training to their employees, helping them understand the importance of CUI protection and the specifics of DFARS compliance.
- Resource Allocation and Recommendations: We worked with the client to optimize their resource allocation for cybersecurity, recommending cost-effective measures that aligned with their specific needs and constraints.
- Integration Assistance: Our experts assisted the client in integrating the compliance measures into their existing systems and processes. This involved implementing new technologies and practices, especially the specifications of NIST SP 800-171, and an integration of a Cloud Services from a FedRAMP Moderate Baseline provider.
Benefits
- DFARS Compliance: The client successfully achieved DFARS 252.204-7012 compliance, securing their existing contracts and positioning themselves for future defense contracts.
- Enhanced Cybersecurity: The client’s cybersecurity posture was significantly strengthened, reducing the risk of data breaches and cyberattacks. This enhanced security improved their reputation among customers and partners.
- Access to New Contracts: With DFARS compliance in place, the Federal Contractor expanded its opportunities in the defense sector, increasing their revenue and market share.
- Competitive Advantage: Compliance with DFARS 252.204-7012 gave the Federal Contractor a competitive edge in the industry, demonstrating their commitment to safeguarding sensitive information.