CUI

Using NIST SP 800-171A to Perform Self-Assessments and Scoring under the New DFARS Cybersecurity Rule

You are probably well aware at this point that the Department of Defense has published new (interim) cybersecurity rules (effective November 30, 2020). Much of the press around this announcement has been about the Cybersecurity Maturity Model Certification (CMMC). However, it is unknown when and to whom CMMC will apply over the next five years…. Read more »

DoD Now to Require Cybersecurity Self-Assessments with New DFARS Rule

On September 29, 2020, the Department of Defense (DoD) issued an  interim rule to amend the Defense Federal Acquisition Regulation Supplement (DFARS). The interim rule implements the Cybersecurity Maturity Model Certification (CMMC) program. The rule introduces a new construct: the DoD Assessment Methodology.  Before contracts undergo a full CMMC review, this new construct will serve as… Read more »

What’s New in CMMC Draft Version 0.6?

In November, the DoD released the newest draft of the  Cybersecurity Maturity Model Certification (CMMC), version 0.6.  CMMC Version 0.6 revised Levels 1-3.  Levels 4-5 are expected to be addressed in the next version. Key points on FCI and CUI Levels 1 and 2 are not intended for Controlled Unclassified Information (CUI). Instead, Levels 1… Read more »

Join Sera-Brynn on June 21 in DC @ the CUI Industry Day

Sera-Brynn is excited to be part of the National Archives and Records Administration (NARA)’s 2nd Industry Day on the Controlled Unclassified Information (CUI) program. The one-day event (free and open to the public) is a good spot to connect face-to-face with some of the Sera-Brynn team, and check out the services that have been developed… Read more »

An Analyst Perspective: Sera-Brynn’s Report on NIST 800-171. Is Compliance Achievable?

Sera-Brynn’s report, “Reality Check: Defense Industry’s Implementation of NIST SP 800-171. Keen insights from certified cybersecurity assessors,” was published in May 2019. If you didn’t have time to read it, it tells the story of an industry struggling to fully comply with the controls of NIST 800-171, which are required to protect sensitive Government data…. Read more »

Live Webinar: Impacts of New NIST 800-171 (Revision 2) on Government Contractors

Heather Engel, Chief Strategy Officer of Sera-Brynn, will join Scott Edwards, Summit 7 Systems President, to discuss the highly-anticipated revision to NIST SP 800-171. NIST 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations, was first published in December 2016 (and updated in June 2018).  Under Defense Federal Acquisition Regulation Supplement (DFARS), all U.S…. Read more »

Oversight is Coming – Part 2: DCMA to Assess Supply Chain Compliance with DFARS

Last week, we covered the DoD memo assigning DCMA audit responsibilities for marking CUI. The same memo indicates that DCMA will also be evaluating a contractor’s procedures for assessing supply chain compliance with DFARS 252.204-7012. Today we are taking a deeper dive into what that means and what a supply chain assessment looks like. As… Read more »

Oversight is Coming: How to Prepare for a DCMA Supply Chain Audit

This article is the first in a two-part series. On January 21, 2019 the DoD released a memo requiring DCMA to validate contractor procedures for supply chain management. If you are a prime or sub on Department of Defense contracts, then your contracts are already subject to DCMA administrative oversight. This new memo adds to… Read more »

The 2019 DFARS Glossary: Cybersecurity Acronyms for Government Contractors

It’s 2019 and our updated DFARS glossary is here. With our expanded DFARS glossary, Sera-Brynn defines key terms for cybersecurity compliance in the government space. There are many key terms you need to know – especially if you’re part of the DIB (see below), working through the DFARS cyber regulation, using cloud services, or responsible… Read more »

Visit Sera-Brynn’s Booth at NARA’s CUI Industry Day!

Sera-Brynn offers professional services and tools to help identify and map the flow of Controlled Unclassified Information (CUI) throughout a government contractor’s information systems. The presence of CUI is of significant consequence to government contractors and their cybersecurity programs. On December 10, 2018, the National Archives and Records Administration (NARA) is hosting an event on… Read more »