NIST SP 800-171 Requirement 3.4 Configuration Management
Contractors or vendors that work with the Department of Defense (DoD) need to meet specific cybersecurity regulations. The National Institute of Standards and Technology (NIST) has developed a guide to assist businesses with adherence to Defense Federal Acquisition Register Supplement (DFARS) standards. The fourth of the 14 Families of Requirements for NIST 800-171 compliance is […]
NIST SP 800-171 Requirement 3.3: Audit & Accountability
Companies that work with the Department of Defense (DoD) as contractors or vendors need to meet specific cybersecurity regulations. The National Institute of Standards and Technology (NIST) has developed a guide to assist businesses with adherence to Defense Federal Acquisition Register Supplement (DFARS) standards. The third family of 14 Families of Requirements for NIST 800-171 […]
NIST SP 800-171 Requirement 3.2: Awareness and Training
The National Institute of Standards and Technology (NIST) has developed a guide to assist businesses with adherence to Defense Federal Acquisition Register Supplement (DFARS) standards. The second of the 14 Families of Requirements for NIST 800-171 compliance is awareness and training. What is Awareness and Training in Terms of NIST 800-171? Awareness and training consists […]
NIST SP 800-171 Requirement 3.1 Access Control
Businesses that work with the Department of Defense (DoD) as contractors or vendors need to meet specific cybersecurity regulations.
DFARS Cybersecurity Audits: What to Expect
As cybersecurity compliance becomes more top-of-mind and breaches become a common pit-in-the-stomach reality, the industry is learning an important lesson: An audit is not just a vague and unlikely possibility. It is happening to companies at almost every tier in the defense supply chain.
New DoD Guidance for Evaluating Compliance
Happy Monday, Cyber World! The Department of Defense has just made public their final two guidance documents on assessing compliance with NIST SP 800-171. I’m going to put the highlights into plain English here.
What Should NIST Compliance Actually Cost?
Cyber compliance is now, quite simply, a cost of doing business in the defense sector. And it’s the thousands of small businesses working on specialized solutions that the government worries about most. But in creating our solution, we asked ourselves the hard question: “How is a small business ever going to be able to afford what’s required for compliance?”
What We Learned: Our Compliance Story
As the CEO of Scientific Solutions, Inc. (SSI), a small, highly specialized engineering firm in the defense ecosystem, I work with a team of eight of the best and the brightest engineers. We develop sophisticated SONAR solutions that protect critical assets.
GDPR and NIST Cybersecurity Compliance
By now, most companies know about GDPR and its directives on handling personal data — from email addresses to personnel data. But the connections between NIST cyber security compliance and GDPR compliance are far less obvious.
Identifying and Safeguarding CUI
If you’ve heard of NIST SP 800-171, or operate within the Department of Defense ecosystem, you’re probably familiar with the term CUI, or Controlled Unclassified Information. Often used interchangeably with Covered Defense Information (CDI), CUI is, technically, “information that requires safeguarding or dissemination controls pursuant to and consistent with applicable law, regulations, and government-wide policies but is not classified.”