The National Defense Industrial Association: San Diego Chapter, recently released a list of significant news relating to cybersecurity and the Department of Defense. Most of this news is regarding the government crack-down of cybersecurity, due to the recent government data breaches.
“Military Technology Transfer: Threats, Impacts, and Solutions for the Department of Defense”
On June 21, 2018, The Department of Defense delivered joint testimony on “Military Technology Transfer: Threats, Impacts, and Solutions for the Department of Defense” before the House of Armed Services. The DoD stated that “they will adopt a ‘Deliver Uncompromised’ approach that treats security as the ‘Fourth Pillar’ of acquisition decisions.” In other words, the Department of Defense will no longer allow businesses to work on defense contracts if they do not meet the requirements by NIST SP 800-171.
Are You Truly NIST Compliant?
In February 2018, NIST announced the release of the final draft of NIST SP 800-171, Assessing Security Requirements for Controlled Unclassified Information. The government is worried that companies who have already “implemented compliance based on their own interpretations” may be affected if their comprehension of the document differs from the government’s guidelines. Be sure to take action based on the exact requirements stated in the latest version of the NIST document, or your contracts and your business will be put at risk.
Non-Compliance to Blame for Recent Cyber Incidents
The recent loss of the U.S. Navy’s sensitive data due to a subcontractor not being compliant has brought to light many issues. First, the severity of the cyber threats at-hand is much higher than originally thought. Second, the government and our national security has been extremely ill-prepared in the past and was not equipped to prevent these attacks. Now, the Department of Defense is quickly escalating the importance of protecting information across the supply chain.
Looking to Become Compliant?
NeQter Labs is a company that was created around the NIST SP 800-171 document. Our company has developed a software solution that pulls together a large sum of the controls stated by NIST, to assist companies like yours in becoming compliant quickly, and cost effectively. A few of the controls that NeQter Labs can assist you in meeting include active directory and file server monitoring, building your SSP (System Security Plan) and POA&M (Plan of Action & Milestones), vulnerability scanning, network monitoring, inventory monitoring, and more.
References
https://docs.house.gov/meetings/AS/AS00/20180621/108468/HHRG-115-AS00-Wstate-BingenK-20180621.pdf
https://csrc.nist.gov/News/2018/NIST-Releases-Final-Draft-SP-800-171A
Gloria Shomo, NDIA San Diego Chapter. Cyber Collaboration Center NIST 800-171A Requirements.
www.CyberCollaborationCenter.org.