NIST

The 2019 DFARS Glossary: DFARS vs FAR and Other Acronyms for Government Contractors

It’s 2019 and our updated DFARS glossary is here. With our expanded DFARS glossary, Sera-Brynn defines key terms for cybersecurity compliance in the government space. There are many key terms you need to know – especially if you’re part of the DIB (see below), working through the DFARS cyber regulation, using cloud services, or responsible…

Ohio’s New Cybersecurity Law Grants Data Breach Litigation Safe Harbor

Ohio’s law – effective November 2018 – creates a safe harbor for organizations that adopt one of 10 cybersecurity compliance frameworks. With a new cybersecurity law, the home of the Rock and Roll Hall of Fame is now rocking the cybersecurity framework discussion. Effective November 2, 2018, Ohio’s law puts cybersecurity frameworks centerstage. The law…

Privacy Framework: NIST is in the House.

This month, NIST kicked off a series of public meetings to highlight its efforts to create a voluntary Privacy Framework. Much in the same way it developed the Cybersecurity Framework, NIST is trying to achieve a technology-privacy balance within the guidance by crowdsourcing its way there. By bringing in views from federal agencies, small businesses,…

What Cyber Framework Should My Organization Follow?

What are Security Frameworks? Security frameworks provide a calculated approach to determining risk, setting up a security strategy, and allocating security resources. They are (or should be) measurable, repeatable, and are often standardized by industry. With all the frameworks available…NIST, ISO, NERC CIP, PCI…which is right for your organization? Well the answer is…it depends. Where…

Achieving NIST 800-171 Compliance: Steps You Can Take

Now that April is here, we are nine months away from NIST 800-171 compliance for defense contractors. As the deadline approaches, it will become more difficult to implement the controls in a cost-effective way that actually offsets risk. If your organization hasn’t already started, further delays will impact your ability to think carefully about what…

NIST 800-171 vs NIST 800-53: Big Differences

By Heather Engel, EVP Risk Management

When evaluating your compliance with Defense Federal Acquisition Regulation Supplement (DFARS) 252.204-7012 and related clauses, or Federal Acquisition Regulations (FAR) Ruling 52.204-21, it’s important to understand the differences between the various National Institute of Standards and Technology (NIST) publications (https://www.nist.gov/publications). We’ll try to simplify it as much as possible,…

DFARS Regulations: Updates all DoD Contractors and Subs Should Know About

By Colleen Johnson | Sera-Brynn Business Development – Regulatory Specialist

Defense Federal Acquisition Supplement: DFARS 252.204-7012, as revised on Dec. 30, 2015, is the cybersecurity rule issued by the Department of Defense (DoD) titled, “Safeguarding Covered Defense Information and Cyber Incident Reporting.” The DFARS clause requires all DoD contractors and subcontractors, regardless of size, to…

Any firm can assess your gaps, only Sera-Brynn delivers solutions

When the Pentagon decided it needed to find vulnerabilities in its cybersecurity system, it turned to the experts on exploiting cybersecurity vulnerabilities: hackers. The Pentagon’s “Hack the Pentagon” program was launched earlier this year and is already in its second iteration. The Pentagon’s cybersecurity initiative, also known as the “Bug Bounty” program, invited hackers to…