It’s Bingo Time if You Need to Comply with DFARS Cyber Rules

U.S. Business Should Brace Itself for European Union Cybersecurity Rules
April 6, 2017
New York State Cyber Regulation
April 20, 2017

It’s Bingo Time if You Need to Comply with DFARS Cyber Rules

In military aviation, “Bingo” is the point at which you are approaching a fuel emergency and need to divert or return to base. If you are a Defense contractor working towards compliance with DoD cybersecurity rules by the mandatory December 31, 2017 deadline, you probably already know this: You are approaching Bingo.

First introduced in August of 2015, the DFARS cyber rules provide that Defense contractors (and subcontractors) must be fully compliant with NIST SP 800-171 if they handle covered defense information.

This means that the 14 control areas of NIST SP 800-171 must be implemented by December 31, 2017.

The control areas are:

  • Access Control
  • Awareness& Training
  • Audit and Accountability
  • Configuration Management
  • Identification and Authentication
  • Incident Response
  • Maintenance
  • Media Protection
  • Personnel Security
  • Physical Protection
  • Risk Assessment
  • Security Assessment
  • System and Communication Protection
  • System and Information Integrity

For many companies, this is daunting. We are hearing this every day. But the approaching DFARS deadline means that you have nine months to take a deep look at your IT environment. You have nine months to track the way you receive, process, and store covered defense information. You have nine months to evaluate, purchase, and implement new technologies.

In nine months you must have plans and policies in place that will likely change the way your business handles data. It will likely change the way your business does business.

It’s the line in the sand.

You are now approaching Bingo.

Contact us today if you’d like help with ensuring DFARS compliance will not be a hindrance to your business once the deadline passes.