Search Results for: 800-171

Live Webinar NIST 800-171 Compliance Higher Education / Research Institutions

Thursday, May 10, 2018, 2 – 3pm EST. Heather Engel, Sera-Brynn’s Chief Strategy Officer, will discuss the challenges colleges and universities face as they attempt to secure their cyber infrastructure to comply with new federal regulations as a condition of receiving research grants. Sera-Brynn is a top 10 global cybersecurity compliance firm. “Most… Read more »

Sera-Brynn to present on NIST SP 800-171 Regulatory Requirements in Blacksburg, VA

Sera-Brynn’s Chief Strategy Officer, Heather Engel, will present a two-hour workshop on Strategic Planning for Cyber Risk: Protecting Data and Meeting Regulatory Requirements with NIST SP 800-171 on March 27, 2018 from 2:00pm to 4:00pm. Sponsored by the Virginia Tech Corporate Research Center, this session will discuss what these requirements may mean for your organization,… Read more »

Top 10 Mistakes in Implementing the NIST 800-171 Cybersecurity Requirements

Businesses supporting the U.S. Department of Defense work have 10 weeks left to fully comply with the cybersecurity provisions of the Defense Federal Acquisition Regulation Supplement (DFARS) clause 252.204-7012 and associated clauses. At Sera-Brynn, we’ve been advising clients on the DFARS and NIST requirements since 2014, and we’ve seen mistakes from companies of all sizes… Read more »

NIST 800-171

If you’ve been tasked with implementing NIST Special Publication 800-171, “Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations,” you should first consider your data types, risk tolerance, and security maturity. Whether required under Defense Federal Acquisition Regulation Supplement (DFARS) clause 252.204-7012 or as a security baseline, 800-171 focuses on protecting the confidentiality of data… Read more »

Achieving NIST 800-171 Compliance: Steps You Can Take

Now that April is here, we are nine months away from NIST 800-171 compliance for defense contractors. As the deadline approaches, it will become more difficult to implement the controls in a cost-effective way that actually offsets risk. If your organization hasn’t already started, further delays will impact your ability to think carefully about what… Read more »

NIST 800-171 vs NIST 800-53: Big Differences

By Heather Engel, EVP Risk Management. When evaluating your compliance with Defense Federal Acquisition Regulation Supplement (DFARS) 252.204-7012 and related clauses, or Federal Acquisition Regulations (FAR) Ruling 52.204-21, it’s important to understand the differences between the various National Institute of Standards and Technology (NIST) publications (https://www.nist.gov/publications). We’ll try to simplify it as much as possible,… Read more »

New CUI Rules as Described in NIST 800-171 and DFARS 252.204-7012

We are often asked by our clients how they know what information is considered Controlled Unclassified Information (CUI) or Classified Defense Information (CDI) as described in NIST 800-171 and Defense Federal Acquisition Regulation Supplement (DFARS) clause 252.204-7012. Understanding how information is stored, processed or transmitted within your company is essential because NIST 800-171 control 3.8.4… Read more »

DFARS 252.204-7012, NIST 800-171 and Continuous Monitoring

By Heather Engel, Sera-Brynn, Executive Vice President. This article is the fourth in a series. One of Sun Tzu’s more famous quotes from his book, “The Art of War,” is this: “The supreme art of war is to subdue the enemy without fighting.” Although the cagey, ancient Chinese general could not comprehend a future of… Read more »

Our 5 Favorite Blogs of 2018 on Cybersecurity and Privacy for Businesses

FedRAMP strategy, red teaming, NIST privacy standards, evolving Federal acquisition rules, Ohio’s new cybersecurity safe harbor law – these are some of the Sera-Brynn staff blog topics from 2018. We wrote about GDPR (but are still digesting PIPEDA, the Canadian privacy law). We continued to talk about the FAR Reform. We published a guest blogger’s… Read more »

Ohio’s New Cybersecurity Law Grants Data Breach Litigation Safe Harbor

Ohio’s law – effective November 2018 – creates a safe harbor for organizations that adopt one of 10 cybersecurity compliance frameworks. With a new cybersecurity law, the home of the Rock and Roll Hall of Fame is now rocking the cybersecurity framework discussion. Effective November 2, 2018, Ohio’s law puts cybersecurity frameworks centerstage. The law… Read more »