Search Results for: NIST

New CUI Rules as Described in NIST 800-171 and DFARS 252.204-7012

We are often asked by our clients how they know what information is considered Controlled Unclassified Information (CUI) or Classified Defense Information (CDI) as described in NIST 800-171 and Defense Federal Acquisition Regulation Supplement (DFARS) clause 252.204-7012. Understanding how information is stored, processed or transmitted within your company is essential because NIST 800-171 control 3.8.4… Read more »

NIST Releases Revision Impacting Defense Contractors, DFARS

The National Institute of Standards and Technology has released a draft Special Publication of NIST SP 800-171 Revision 1, Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations. This publication is the standard required for compliance with Defense Federal Acquisition Regulation 252.204-7012. You can read a summary of changes on the NIST download page,… Read more »

DFARS 252.204-7012, NIST 800-171 and Continuous Monitoring

By Heather Engel, Sera-Brynn, Executive Vice President. This article is the fourth in a series. One of Sun Tzu’s more famous quotes from his book, “The Art of War,” is this: “The supreme art of war is to subdue the enemy without fighting.” Although the cagey, ancient Chinese general could not comprehend a future of… Read more »

Navy Gets Tough on DFARS Cybersecurity Compliance with Updated Acquisition Regulations

Last year we told you about a 2018 Navy memo, known as the Geurts Memo, which required defense contractors to implement certain controls for NIST SP 800-171, some of them going beyond 171 requirements. If you didn’t see our write-up, it can be found here: “Still Lagging on DFARS? The Navy Has A Memo For… Read more »

The Higher Ed Model for Cybersecurity Compliance

There are fundamental challenges to fully implementing the NIST 800-171 cybersecurity framework. However, a new study shows that higher education institutions overcome these challenges and place among the top tier of organizations for compliance. Organizations that handle sensitive government information and data face a foreign intelligence threat that is unprecedented in history. Despite this, most… Read more »

Sera-Brynn SIEMaaS

Meet NIST 800-171 Continuous Monitoring Requirements. Most government contractors and suppliers have implemented some of the 110 required controls from NIST 800-171. However, meeting the continuous monitoring requirement can be a challenge for them for two main reasons: cost and lack of in-house skillsets. We have a solution for this. Our Security Information and Event… Read more »

What You Need to Know About 800-171 Revisions

The long-awaited NIST 800-171 Revision 2 and 800-171B drafts were released for comment today. There have been no major changes to the controls in Revision 2. This is good news for many in the DIB who have been diligently working to implement and maintain the security requirements. Of more interest is 171B enhanced security… Read more »

Join Sera-Brynn on June 21 in DC @ the CUI Industry Day

Sera-Brynn is excited to be part of the National Archives and Records Administration (NARA)’s 2nd Industry Day on the Controlled Unclassified Information (CUI) program. The one-day event (free and open to the public) is a good spot to connect face-to-face with some of the Sera-Brynn team, and check out the services that have been developed… Read more »

Pentagon to Unveil New Cybersecurity Maturity Model Certification (CMMC) for Defense Contractors

The Department of Defense announced that it is developing a new cybersecurity standard and certification for defense contractors. It is named the “Cybersecurity Maturity Model Certification” (CMMC). Notably, the intent of the CMMC is to improve cybersecurity deficiencies in the defense industrial base and secure the supply chain. The CMMC is expected to be based… Read more »

Data Security under the California Consumer Privacy Act: Instructions Not Included

“Reasonable security.” If you’re a California business, this is what’s generally expected of you (e.g., Cal. Civ. Code § 1798.81.5).  If you collect personal data, you are expected to secure it.  But what’s the right level of cybersecurity under the California Consumer Privacy Act of 2018 (CCPA)?  Are specific frameworks recommended? Let’s wade into the… Read more »