Search Results for: dfars

Using NIST SP 800-171A to Perform Self-Assessments and Scoring under the New DFARS Cybersecurity Rule

You are probably well aware at this point that the Department of Defense has published new (interim) cybersecurity rules (effective November 30, 2020). Much of the press around this announcement has been about the Cybersecurity Maturity Model Certification (CMMC). However, it is unknown when and to whom CMMC will apply over the next five years…. Read more »

DoD Now to Require Cybersecurity Self-Assessments with New DFARS Rule

On September 29, 2020, the Department of Defense (DoD) issued an  interim rule to amend the Defense Federal Acquisition Regulation Supplement (DFARS). The interim rule implements the Cybersecurity Maturity Model Certification (CMMC) program. The rule introduces a new construct: the DoD Assessment Methodology.  Before contracts undergo a full CMMC review, this new construct will serve as… Read more »

Navy Gets Tough on DFARS Cybersecurity Compliance with Updated Acquisition Regulations

Last year we told you about a 2018 Navy memo, known as the Geurts Memo, which required defense contractors to implement certain controls for NIST SP 800-171, some of them going beyond 171 requirements. If you didn’t see our write-up, it can be found here: “Still Lagging on DFARS? The Navy Has A Memo For… Read more »

Oversight is Coming – Part 2: DCMA to Assess Supply Chain Compliance with DFARS

Last week, we covered the DoD memo assigning DCMA audit responsibilities for marking CUI. The same memo indicates that DCMA will also be evaluating a contractor’s procedures for assessing supply chain compliance with DFARS 252.204-7012. Today we are taking a deeper dive into what that means and what a supply chain assessment looks like. As… Read more »

The 2019 DFARS Glossary: Cybersecurity Acronyms for Government Contractors

It’s 2019 and our updated DFARS glossary is here. With our expanded DFARS glossary, Sera-Brynn defines key terms for cybersecurity compliance in the government space. There are many key terms you need to know – especially if you’re part of the DIB (see below), working through the DFARS cyber regulation, using cloud services, or responsible… Read more »

Still Lagging on DFARS? The Navy Has A Memo For You

by Heather Engel, Sera-Brynn Chief Strategy Officer The Assistant Secretary of the Navy recently released a memo imposing additional requirements on select contracts. For the last three years, Defense contractors have been working (some more diligently than others) to comply with DFARS clause 252.204-7012 that requires implementation of NIST SP 800-171. I’ve written numerous articles… Read more »

DoD releases a much-anticipated update to the FAR/DFARs FAQs.

What you need to know now By Heather Engel, Sera-Brynn Chief Strategy Officer DoD’s original FAQ was issued in January 2017, with answers to 59 questions on general application, security requirements, and cloud computing. The FAQ issued on April 2, 2018 nearly doubles that with answers to 109 questions on DFARS 252.204-7008 and 252.204-7012, FAR… Read more »

DFARS 7012 and Supply Chain Cyber Risk Management

Day-in and day-out, U.S. companies are under cyber-attack by criminals, hacktivists, bored kids and nation-states. Nation-state sponsored actors, including China and Russia, are known as Advanced Persistent Threat (APT) actors, and have been extremely successful in compromising the networks of commercial organizations, particularly those companies conducting work for the Department of Defense. In fact, these… Read more »

DFARS 7012 & NIST 800-171 Compliance Services

Sera-Brynn provides expert cybersecurity compliance analysts to assess your information systems and cybersecurity program against the requirements specified in DFARS 252.204-7012 and NIST SP 800-171. This may include: Conducting an in-depth technical review of your environment Mapping existing security plans and technologies to NIST 800-171 Creating customized policies as required Identifying required solutions or procedural… Read more »