DFARS

Everything you need to know about government acquisition cyber clauses. If you are doing business with the Department of Defense or United States Government, you’ll find lots of guidance in our knowledge base. We provide analysis on DFARS 252.204 and related clauses. We post news, changes, updates; in other words news you need to get and stay compliant.

The Higher Ed Model for Cybersecurity Compliance

There are fundamental challenges to fully implementing the NIST 800-171 cybersecurity framework. However, a new study shows that higher education institutions overcome these challenges and place among the top tier of organizations for compliance. Organizations that handle sensitive government information and data face a foreign intelligence threat that is unprecedented in history. Despite this, most… Read more »

CMMC Listening Tour Event in Huntsville, Ala. to Feature Sera-Brynn Expert Heather Engel

The Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) has announced a new stop on its Cyber Security Maturity Model (CMMC) listening tour: the Cloud Security and Compliance conference. Hosted by Summit 7 Systems, the one-day conference will be held in Huntsville on August 27, 2019. Registration is available here. Presenting… Read more »

Live Webinar: Impacts of New NIST 800-171 (Revision 2) on Government Contractors

Heather Engel, Chief Strategy Officer of Sera-Brynn, will join Scott Edwards, Summit 7 Systems President, to discuss the highly-anticipated revision to NIST SP 800-171. NIST 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations, was first published in December 2016 (and updated in June 2018).  Under Defense Federal Acquisition Regulation Supplement (DFARS), all U.S…. Read more »

Oversight is Coming – Part 2: DCMA to Assess Supply Chain Compliance with DFARS

Last week, we covered the DoD memo assigning DCMA audit responsibilities for marking CUI. The same memo indicates that DCMA will also be evaluating a contractor’s procedures for assessing supply chain compliance with DFARS 252.204-7012. Today we are taking a deeper dive into what that means and what a supply chain assessment looks like. As… Read more »

Oversight is Coming: How to Prepare for a DCMA Supply Chain Audit

This article is the first in a two-part series. On January 21, 2019 the DoD released a memo requiring DCMA to validate contractor procedures for supply chain management. If you are a prime or sub on Department of Defense contracts, then your contracts are already subject to DCMA administrative oversight. This new memo adds to… Read more »

The 2019 DFARS Glossary: Cybersecurity Acronyms for Government Contractors

It’s 2019 and our updated DFARS glossary is here. With our expanded DFARS glossary, Sera-Brynn defines key terms for cybersecurity compliance in the government space. There are many key terms you need to know – especially if you’re part of the DIB (see below), working through the DFARS cyber regulation, using cloud services, or responsible… Read more »

Our 5 Favorite Blogs of 2018 on Cybersecurity and Privacy for Businesses

FedRAMP strategy, red teaming, NIST privacy standards, evolving Federal acquisition rules, Ohio’s new cybersecurity safe harbor law – these are some of the Sera-Brynn staff blog topics from 2018.  We wrote about GDPR (but are still digesting PIPEDA, the Canadian privacy law).  We continued to talk about the FAR Reform.  We published a guest blogger’s… Read more »

Still Lagging on DFARS? The Navy Has A Memo For You

by Heather Engel, Sera-Brynn Chief Strategy Officer The Assistant Secretary of the Navy recently released a memo imposing additional requirements on select contracts. For the last three years, Defense contractors have been working (some more diligently than others) to comply with DFARS clause 252.204-7012 that requires implementation of NIST SP 800-171. I’ve written numerous articles… Read more »

What Cybersecurity is Really About in 2018

By Rob Hegedus, CEO, Sera-Brynn It’s not about the technology, it’s about insurability. With the implementation of GDPR, the inevitable FAR-wide adoption of NIST 800-171 standards (already mandatory for Department of Defense contractors), and the latest news on cybersecurity legislation from New York and South Carolina, the global business community as a whole is slowly but… Read more »