DFARS Compliance

DFARS ComplianceThe countdown to DFARS compliance is just around the corner...ARE YOU READY?

The Department of Defense (DoD)  issued a final rule to clarify the Defense Federal Acquisition Regulation Supplement (DFARS) that requires contractors to implement information security strategies before December 31, 2017.

What you do…or better yet, DON’T do…will impact your ability to secure and perform DoD contracts.

We offer expert advice from Certified Information Systems Security Professionals (CISSP’s), with in depth experience in managing compliance programs for Federal standards such as DFARS, industry standards such as PCI DSS, and regulatory standards such as FFIEC and SEC. Emerald City Solutions can fill in the gaps to help you meet the standards required by the Office of Small Business Programs of the DoD.

 What does this mean?

Businesses contracting with the Department of Defense (DoD) and federal civilian executive branch agencies must implement the National Institute of Science and Technology (NIST) SP 800-171 security requirements. This includes any of the following:

  • Service providers that process, store and transmit federal data on their systems, such as cloud service providers (CSPs)
  • Credit card & other financial services providers; web and email service providers
  • Background check companies for security clearances
  • Cloud and data hosting providers
  • Contractors that develop communications, satellite and weapons systems
  • Many more, contact us today to see if your company needs to be compliant

Does your enterprise have documented controls and management oversight for all of the following processes? This is only a sample of the DFARS/NIST SP 800-171 requirements. Any missing policies/procedures/controls could result in negative reports from third-party assessors. Emerald City Solutions can help fill those gaps. For example:

- Security Program Organization: Security policy development; security awareness training; information classification and need-to-know; personnel screening and authorization to access sensitive data.

Software and Hardware: Documented configuration baselines and version management; vulnerability scanning and remediation; patch management.

- Application/Service Architecture: Architecture standards, including user and service authentication, data exchanges, network segmentation.

- Intrusion Defense: Anti-virus and anti-malware, intrusion detection and prevention, incident response.

We are cyber security experts specializing in small business. We chose this niche because it is important and under-served. Emerald City Solutions is also a small business staffed by dedicated, talented and expert personnel who are motivated by a desire to help our customers. Call us today at (206) 340-1616 to get your security assessment started, and ensure a successful road ahead!

Learn MoreCISSP Certified

.