For Defense Contractors of all sizes, whether a Prime Contractor or Subcontractor, compliance with the DFARS clause (DFARS 252.204.7012), Safeguarding Covered Defense Information and Cyber Incident Reporting, is mandatory by December 31, 2017. With its Defense Grade Cybersecurity background and expertise in security assessments, MainNerve can help assure your organization that it understands the steps necessary to comply with this clause.
With its extensive Defense Contracting experience, MainNerve understands DFARS cybersecurity requirements.
The DFARS clause specifically states that defense contractors will ensure that any Controlled Unclassified Information (CUI) is appropriately protected as outlined in the National Institute of Standards and Technology (NIST) Special Publication 800-171 Revision 1, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations. According to the clause, all defense contractors, in both Prime and Subcontractor positions, are required to meet the requirements of NIST SP 800-171 by December 31.
What does this mean?
If your organization has access to defense information that is considered Controlled Unclassified Information (CUI), such as defense contract information, indirect or direct pricing information, not to mention classified data, compliance with DFARS Clause 252.204.7012 and NIST 800-171 Revision 1 is mandatory.
How do I become Compliant?
All Defense Contractors must conduct an internal or external assessment of how they are compliant with the 110 controls that are outlined in NIST SP 800-171. They are required to create a system security plan that outlines how the defense contractor complies with each of the controls or how they plan to meet the control requirements.
Risk Assessment Checklist: Compliance with DFARS can seem like an overwhelming challenge, especially for smaller defense contractors. As a certified defense contractor with 15 years of experience, MainNerve understands the requirements for DFARS compliance. For its clients, MainNerve provides a DFARS-related security assessment checklist that covers all 110 controls and gives the defense contractor the ability to create its own security plan that meets DFARS Clause 252.204.7012 and NIST 800-171 Revision 1 requirements to protect CUI.
Vulnerability Scanning: Vulnerability Scanning is required on a quarterly basis under the DFARS clause. MainNerve has extensive experience providing its customers affordable vulnerability scanning services using the industry’s leading tools.
Audit Logs: Providing an audit trail is a requirement for maintaining DFARS compliance, which means that most companies must acquire a Security Information and Event Management (SIEM) solution to parse and store log data. MainNerve has a proprietary, highly affordable solution called Netforce Defender that can provide high-quality SIEM support at a very low monthly cost. A freeware version is also available for download on the internet.
Penetration Testing: MainNerve is one of the leading penetration testers in the U.S. with hundreds of customers and highly trained, accredited and experienced penetration testers. While penetration testing is not mandated under the DFARS clause, it is a recommended practice, and annual penetration tests and quarterly scans are encouraged both to demonstrate “best practice” cybersecurity principles in case of a breach or audit and to heighten your cybersecurity posture.
Defense Program and Acquisition Policy
National Institute of Standards and Technology Special Publication 800-171 Revision 1