Sera-Brynn releases “Reality Check: Defense Industry Implementation of NIST SP 800-171” – a get-real analysis of its cybersecurity assessments in the defense industry. The report provides the insights, charts, graphs, and statistics that tell the story of an industry struggling with compliance.
FOR IMMEDIATE RELEASE: May 15, 2019, SUFFOLK, VA. Today, the certified cybersecurity assessment team from Sera-Brynn published “Reality check: Defense industry’s implementation of NIST SP 800-171.” The report analyzes data from two years of DFARS compliance assessments. It identifies areas where defense contractors fall short in implementing the mandatory DFARS clause and associated NIST controls.
The report provides both a broad overview of defense industry compliance and specific areas of consistent non-compliance. Insights into where and why contractors struggle with specific controls permeate the report.
For instance, the report notes:
· On average, companies in the study had implemented only 39% of the required security controls.
· Over 80% of companies assessed failed to implement 16 specific controls.
· 80% of companies in the study failed to implement NIST SP 800-171 Rev. 1 control 3.13.13 (“Control and monitor the use of mobile code”). Many data subjects incorrectly believed this control relates to mobile devices.
The full report can be read here.
“Security control implementation and effectiveness can be measured,” states Rob Hegedus, Sera-Brynn CEO. “And if it can be measured, it can be improved. It was time for us to share what we’ve learned.”
Sera-Brynn’s report is helpful for companies proactively seeking to improve their DFARS compliance programs internally and throughout their supply chains. Government auditors and enforcement agencies will also benefit from the insights.
Sera-Brynn is a global leader in providing cybersecurity compliance audit and advisory services. Founded in 2011 by former members of the U.S. intelligence community, Sera-Brynn partners with some of the world’s most respected and recognized brands to help them interpret and meet cybersecurity regulatory requirements.
For more information, contact us at 1-757-243-1257 or at firstname.lastname@example.org.