Thanks to the increasingly sophisticated and aggressive cybersecurity threats facing the U.S., there has been much focus recently on reinforcing the nation’s cybersecurity. Much of this effort has revolved around strengthening the Department of Defense (DoD) supply chain. The Defense Federal Acquisition Regulation Supplement, or DFARS, has been working to encourage DoD contractors to proactively comply with certain frameworks in order to achieve this goal.
Clause 252.204-7012, Safeguarding Covered Defense Information and Cyber Incident Reporting, is the latest mandatory addition. As of December 31, 2017, all US federal agency prime and subcontractors were required to comply with Defense Federal Acquisition Regulation Supplement (DFARS) minimum security standards to ensure the protection of Controlled, Unclassified Information (CUI) and DoD Covered Defense Information. Compliance with these standards is not only encouraged and expected, but required by OEMs and key members of defense- and commercial-sector supply chains. Those that do not comply are at risk of “losing their DoD contracts.” However, many small and medium-sized defense contractors are non-compliant with these requirements due to a lack of awareness, understanding, and/or action. To ensure that NC’s defense contractors are compliant with DFARS standards and protected against costly cyber attacks, NC DIDI is offering cybersecurity training. Companies participating in the NC DIDI program will also gain access to IES’s existing cybersecurity training materials and other resources offered by third-party cybersecurity service providers in NC.