CUI

Join Sera-Brynn on June 21 in DC @ the CUI Industry Day

Sera-Brynn is excited to be part of the National Archives and Records Administration (NARA)’s 2nd Industry Day on the Controlled Unclassified Information (CUI) program. The one-day event (free and open to the public) is a good spot to connect face-to-face with some of the Sera-Brynn team, and check out the services that have been developed… Read more »

An Analyst Perspective: Sera-Brynn’s Report on NIST 800-171. Is Compliance Achievable?

Sera-Brynn’s report, “Reality Check: Defense Industry’s Implementation of NIST SP 800-171. Keen insights from certified cybersecurity assessors,” was published in May 2019. If you didn’t have time to read it, it tells the story of an industry struggling to fully comply with the controls of NIST 800-171, which are required to protect sensitive Government data…. Read more »

Live Webinar: Impacts of New NIST 800-171 (Revision 2) on Government Contractors

Heather Engel, Chief Strategy Officer of Sera-Brynn, will join Scott Edwards, Summit 7 Systems President, to discuss the highly-anticipated revision to NIST SP 800-171. NIST 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations, was first published in December 2016 (and updated in June 2018).  Under Defense Federal Acquisition Regulation Supplement (DFARS), all U.S…. Read more »

Oversight is Coming – Part 2: DCMA to Assess Supply Chain Compliance with DFARS

Last week, we covered the DoD memo assigning DCMA audit responsibilities for marking CUI. The same memo indicates that DCMA will also be evaluating a contractor’s procedures for assessing supply chain compliance with DFARS 252.204-7012. Today we are taking a deeper dive into what that means and what a supply chain assessment looks like. As… Read more »

Oversight is Coming: How to Prepare for a DCMA Supply Chain Audit

This article is the first in a two-part series. On January 21, 2019 the DoD released a memo requiring DCMA to validate contractor procedures for supply chain management. If you are a prime or sub on Department of Defense contracts, then your contracts are already subject to DCMA administrative oversight. This new memo adds to… Read more »

The 2019 DFARS Glossary: Cybersecurity Acronyms for Government Contractors

It’s 2019 and our updated DFARS glossary is here. With our expanded DFARS glossary, Sera-Brynn defines key terms for cybersecurity compliance in the government space. There are many key terms you need to know – especially if you’re part of the DIB (see below), working through the DFARS cyber regulation, using cloud services, or responsible… Read more »

Visit Sera-Brynn’s Booth at NARA’s CUI Industry Day!

Sera-Brynn offers professional services and tools to help identify and map the flow of Controlled Unclassified Information (CUI) throughout a government contractor’s information systems. The presence of CUI is of significant consequence to government contractors and their cybersecurity programs. On December 10, 2018, the National Archives and Records Administration (NARA) is hosting an event on… Read more »

ICYMI: Webinar – Cybersecurity Compliance for Higher Education: 2018 and Beyond, presented by Williams Mullen & Sera-Brynn (03.06.2018)

In case you missed it, watch our latest webinar for higher education here. The complexity of operations, research and compliance mandates in higher education presents unique challenges in securing information systems. Cybersecurity compliance affects everything from the handling of student data to the use of cloud services and supply chain management. You will learn:  … Read more »

Thoughts on How the U.S. Government Calculates Cost of Compliance with Cybersecurity Regulations

How the U.S. Government calculates the cost of complying with the cybersecurity provisions of acquisition regulations. In 2017 the Department of Homeland Security proposed to amend the Homeland Security Acquisition Regulation (HSAR) to address requirements for the safeguarding of Controlled Unclassified Information (CUI). 82 FR 6429 (Jan. 19, 2017). Although this rule is not final,… Read more »

DFARS Regulations: Updates all DoD Contractors and Subs Should Know About

By Colleen Johnson | Sera-Brynn Business Development – Regulatory Specialist Defense Federal Acquisition Supplement: DFARS 252.204-7012, as revised on Dec. 30, 2015, is the cybersecurity rule issued by the Department of Defense (DoD) titled, “Safeguarding Covered Defense Information and Cyber Incident Reporting.” The DFARS clause requires all DoD contractors and subcontractors, regardless of size, to… Read more »