Author Michael Mullins
By the end of the 2017 calendar year, the Federal Government will require compliance with a set of security requirements outlined in the Federal Information Security Modernization Act (FISMA). These are described in NIST’s Guides for Applying Risk Management Framework to Federal Information Systems and other associated standards/guidelines.
The Department of Defense (DoD) has developed two cybersecurity requirements for small businesses under DFARS 252.204-7012. The fourteen essential requirements, as shown in the chart, are laid out in a document called NIST SP 800.171.
Who is Affected?
All prime and subcontractors who do business with the Department of Defense (DoD), as well as the General Services Administration and the National Aeronautics and Space Administration (NASA), will need to comply with NIST 800.171 by December 31, 2017. This includes federal contracts that deal with Controlled, Unclassified Information (CUI), or sensitive information provided by the government for a contractor’s use for service delivery. CUI does not refer to publicly available information.
How We Can Help?
NC State Industry Expansion Solutions (IES) and our Partners are well-positioned to support DoD contractors who need to comply with federal cybersecurity requirements. We are a natural home for this kind of work since we offer a unique combination of research and training expertise that bridges gaps between higher education, community and policy-making organizations and industry.
IES is delivering, along with the NC Military Business Center, cybersecurity training seminars that will offer participants an understanding of compliance requirements, risk and potential impact on their business should they encounter viruses, ransomware, breaches and other cyber attacks. Professionals from IES, the North Carolina Military Business Center and the North Carolina Department of Military and Veterans Affairs will lead the instruction. Through group discussions, self-evaluations, review of standards, with relevant illustrations and examples, participants will recognize the risk and know who can help with the Cybersecurity Toolkit.
We hope you’ll join us at one of our events. Cybersecurity Education Road Shows have been confirmed for: Pinehurst, NC, Sept. 14, 2017; Charlotte, NC, Oct. 3, 2017; Swansboro, NC, Nov. 7, 2017 and Greensboro, NC, Nov. 30, 2017.