The countdown to DFARS compliance is just around the corner…ARE YOU READY?
The Department of Defense (DoD) issued a final rule to clarify the Defense Federal Acquisition Regulation Supplement (DFARS) that requires contractors to implement information security strategies.
What you do…or better yet, DON’T do…will impact your ability to secure and perform DoD contracts.
We offer expert advice from Certified Information Systems Security Professionals (CISSPs), with in-depth experience in managing compliance programs for Federal standards such as DFARS, industry standards such as PCI DSS, and regulatory standards such as FFIEC and SEC. Succurri can fill in the gaps to help you meet the standards required by the Office of Small Business Programs of the DoD.
What Does This Mean?
Businesses contracting with the Department of Defense (DoD) and federal civilian executive branch agencies must implement the National Institute of Science and Technology (NIST) SP 800-171 security requirements. This includes any of the following:
- Service providers that process, store, and transmit federal data on their systems, such as cloud service providers (CSPs)
- Credit card & other financial services providers; web and email service providers
- Background check companies for security clearances
- Cloud and data hosting providers
- Contractors that develop communications, satellite, and weapons systems
Does your enterprise have documented controls and management oversight for all of the following processes? This is only a sample of the DFARS/NIST SP 800-171 requirements. Any missing policies/procedures/controls could result in negative reports from third-party assessors. Succurri can help fill those gaps. For example:
Security Program Organization
Security policy development; security awareness training; information classification and need-to-know; personnel screening and authorization to access sensitive data.
Software and Hardware
Documented configuration baselines and version management; vulnerability scanning and remediation; and patch management.
Application/Service Architecture
Architecture standards, including user and service authentication, data exchanges, and network segmentation.
Intrusion Defense
Anti-virus and anti-malware, intrusion detection and prevention, incident response.
We are cyber security experts specializing in small businesses. We chose this niche because it is important and under-served. Succurri is also a small business staffed by dedicated, talented, and expert personnel who are motivated by a desire to help our customers. Call us today at (206) 785-7828 to get your security assessment started, and ensure a successful road ahead!
Want to learn more about what a Managed Security Services Provider is? Listen to Succurri partner, Grant Eckstrom, and Fractional CMO, Tony Lael, discuss the topic in more depth in this video.
