Regardless of the kind of data you hold, protecting it is paramount. However, some data requires more protection ad special handling. Data, especially government data, comes with strict requirements for handling, storing, transmitting, and protecting it. For that reason, most contractors and subcontractors migrate to Microsoft Office 365 GCC (Government Cloud Community) High.
Defense Industrial Base (DIB) has become a target of increasingly complex and frequent cyberattacks. To protect the FCI (Federal Contract Information) and CUI (Controlled Unclassified Information), in November 2021, OUSD A&S announced CMMC 2.0. It aims to dynamically improve the DIB cybersecurity to meet the evolving cyber threats, instill a collaborative culture of cyber resilience and cybersecurity, and ensure accountability while reducing barriers to compliance.
The basic premise of the CMMC is to ensure that by 2025, all the DoD supply chain contractors and subcontractors, except for the providers of commercial-off-the-shelf products, should get a third-party certification for their proficiency in cybersecurity before embarking on the awarded contract.
Controlled Unclassified Information (CUI) refers to information that requires safeguarding or dissemination controls under federal regulations or government-wide policies. CUI is a result of Executive Order 13556, which aims to standardize the management and protection of unclassified information across federal agencies.
In 2007, ITT was fined $100 million for illegally exporting night vision technology. ITT thought that they could work around the imposed restrictions. However, the government didn’t agree with how they interpreted the rules. In April 2018, FLIR Systems was fined $30 million by the State Department for transferring USML data to employees holding dual nationalities. FLIR was also instructed to implement a better compliance strategy and hire a third party to oversee the agreement with Department as part of the penalty. Because of illegally exporting technical drawings of the missile, tanks, and aircraft components to countries like China, the State Department fined Honeywell International $13 million.
Streamline Your NIST SP 800-171 Compliance with Our Assessment Template: A Comprehensive Guide to Evaluating and Enhancing Your Organization’s Cybersecurity Posture
The DoD’s current cybersecurity regulations are specified in the Defense Federal Acquisition Regulation Supplement (DFARS), released in 2015. DFARS required the defense contractors handling Controlled Unclassified Information (CUI) to build resilient cybersecurity infrastructure following the 110 security controls specified by the National Institute of Technology and Standards Special Publication 800-171 (NIST SP 800-171) by the end of 2017.
As a Federal contractor, you are required to comply with Federal regulations related to cybersecurity and data protection. One of the most important of these is 252.204-7012, a regulation that requires contractors to implement adequate security measures to protect controlled unclassified information (CUI).
What is SP 800-171 Rev. 2?
SP 800-171 Rev. 2 is a set of cybersecurity requirements developed by the National Institute of Standards and Technology (NIST) to protect controlled unclassified information (CUI) stored on non-federal information systems. Released in 2020 (updates to January 28, 2021), it aligns with NIST’s Cybersecurity Framework (CSF) and aims to safeguard sensitive information, such as technical data, export-controlled information, or sensitive government information.
ITAR regulates the export and import of defense-related items, services, and data to prevent unauthorized foreign parties from accessing sensitive technology. Compliance is essential for defense industry businesses and those dealing with defense data. It involves protecting technical data, including data security, cloud compliance, document control, and data management.
In today’s digital age, data is the lifeblood of organizations. However, with the increasing volume and complexity of data, managing and securing it has become a significant challenge. The consequences of data breaches can be severe, including financial losses, damage to reputation, legal penalties, and loss of customer trust. Therefore, it is crucial for organizations to implement effective data protection and risk management practices. One such practice is compliance with the ISO 27001 standard.
We’re happy to answer any questions you may have and help you determine which of our services best fit your needs.
Schedule an initial meeting
Arrange a discovery and assessment call
Tailor a proposal and solution
