DFARS

Everything you need to know about government acquisition cyber clauses. If you are doing business with the Department of Defense or United States Government, you’ll find lots of guidance in our knowledge base. We provide analysis on DFARS 252.204 and related clauses. We post news, changes, and updates: in other words, the news you need to get and stay compliant.

The 2019 DFARS Glossary: DFARS vs FAR and Other Acronyms for Government Contractors

It’s 2019 and our updated DFARS glossary is here. With our expanded DFARS glossary, Sera-Brynn defines key terms for cybersecurity compliance in the government space. There are many key terms you need to know – especially if you’re part of the DIB (see below), working through the DFARS cyber regulation, using cloud services, or responsible… Read more »

Our 5 Favorite Blogs of 2018 on Cybersecurity and Privacy for Businesses

FedRAMP strategy, red teaming, NIST privacy standards, evolving Federal acquisition rules, Ohio’s new cybersecurity safe harbor law – these are some of the Sera-Brynn staff blog topics from 2018. We wrote about GDPR (but are still digesting PIPEDA, the Canadian privacy law). We continued to talk about the FAR Reform. We published a guest blogger’s… Read more »

Ohio’s New Cybersecurity Law Grants Data Breach Litigation Safe Harbor

Ohio’s law – effective November 2018 – creates a safe harbor for organizations that adopt one of 10 cybersecurity compliance frameworks. With a new cybersecurity law, the home of the Rock and Roll Hall of Fame is now rocking the cybersecurity framework discussion. Effective November 2, 2018, Ohio’s law puts cybersecurity frameworks center stage. The law… Read more »

Still Lagging on DFARS? The Navy Has A Memo For You

By Heather Engel, Sera-Brynn Chief Strategy Officer. The Assistant Secretary of the Navy recently released a memo imposing additional requirements on select contracts. For the last three years, Defense contractors have been working (some more diligently than others) to comply with DFARS clause 252.204-7012 that requires implementation of NIST SP 800-171. I’ve written numerous articles… Read more »

What Cybersecurity is Really About in 2018

By Rob Hegedus, CEO, Sera-Brynn. It’s not about the technology, it’s about insurability. With the implementation of GDPR, the inevitable FAR-wide adoption of NIST 800-171 standards (already mandatory for Department of Defense contractors), and the latest news on cybersecurity legislation from New York and South Carolina, the global business community as a whole is slowly but… Read more »

Defense Federal Acquisition Regulation Supplement Presentation

Strategic Planning for Cyber Risk: Protecting Data and Meeting Regulatory Requirements with NIST SP 800-171. Mar 27, 2018 – Everyone welcome! If your organization accepts Federal or Department of Defense dollars, understanding Federal Acquisition Requirements (FAR) and NIST SP 800-171 is a critical compliance issue that affects everything from risk management to supply chain security…. Read more »

Raising the bar on cybersecurity

By Heather Engel, Sera-Brynn Chief Strategy Officer. Deputy Defense Secretary Patrick Shanahan said recently that the Defense Department needs to have a much higher standard of security, including for the Defense Industrial Base, and warned that a high bar for cybersecurity will be a condition of doing business. For the last several years, defense contractors… Read more »

A New Model for Supply Chain Cybersecurity: Less Reporting, More Hands-On Help for the Most Vulnerable Links in the Chain

New advisory service from Sera-Brynn helps businesses with supply chain cybersecurity. Suffolk, VA – December 5, 2017. U.S. and international regulations demand businesses address cybersecurity throughout their supply chain. Sera-Brynn, LLC, a FedRAMP-authorized assessor and cyber risk management firm, has expanded services for clients to efficiently and effectively manage cyber risk in their supply chains…. Read more »

DFARS 7012 and Supply Chain Cyber Risk Management

Day in and day out, U.S. companies are under cyber-attack by criminals, hacktivists, bored kids and nation-states. Nation-state sponsored actors, including China and Russia, are known as Advanced Persistent Threat (APT) actors, and have been extremely successful in compromising the networks of commercial organizations, particularly those companies conducting work for the Department of Defense. In fact, these… Read more »