Are you the weakest link?
In response to the recent executive orders and growing pressure from high-profile government data breaches, the DoD approved and updated the interim rule for the Defense Federal Acquisition System in August and December 2015. The interim rule has immediate effect and targets companies of all sizes.
The interim rule includes the following clauses:
- 252.204-7008, Compliance with Safeguarding Covered Defense Information Controls,
- 252.204-7009, Limitations on the Use and Disclosure of Third-Party Contractor Reported Cyber Incident Information,
- 252.204-7012, Safeguarding Covered Defense Information and Cyber Incident Reporting,
- 252.239-7009, Representation of Use of Cloud Computing, and
- 252.239-7010, Cloud Computing Services.
Details are posted in our blog and the CKSS white paper.
Under DFARS 252.204-7012, a contractor must implement the security requirements in National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171 that is in effect at the time the solicitation is issued by the Contracting Officer, or as soon as practical, but not later than December 31, 2017. For further information on NIST SP 800-171, see the CKSS white paper and our blog.
DFARS 252.204-7012 Compliance Countdown
At CKSS, we understand DFARS 252.204-7012 compliance and how it can help your business become more secure. We have expertise to help you achieve and maintain compliance.
Our firm is focused on organizations that face cyber threats and regulatory compliance requirements with minimal or no dedicated IT security personnel.
Our proprietary methodology is based on the NIST Risk Management Framework and Best Practice. We provide the following services:
- Gain a comprehensive understanding of DFARS 252.204-7012 and what it takes to comply. We focus on architectural changes, policies, procedures, security plans, and technologies that are required for a mature secure program.
- Set organizational expectations for compliance through key stakeholder education and buy-in.
- Provide decision-makers with a Roadmap/Strategy outlining the corrective actions required for achieving and maintaining compliance.
- Results include a clear picture of the compliance costs, timelines, and resources (internal and external) required to achieve and maintain compliance.
- Creation/enhancement of a DFARS compliant environment to include architectural changes, implementation/refinement of tools; vulnerability management; and creation/update of security policies, procedures, and security plan documents.
- Independent Risk Assessment: Conduct 3rd party assessments to validate the various safeguards implemented during the remediation phase of the project. Service is provided to clients who have not worked with CKSS on remediation activities.
- Conduct compliance and operational continuous monitoring activities.
Complete the form on the right to schedule your FREE DFARS GAP Consultation or call 443-459-1589
CKSS has adopted a strategic approach to security by establishing an enterprise-wide Corporate Risk, Information Security, and Privacy Function program that can help organizations of any size respond to DFARS 252.204-7012 requirements.
CKSS is located in a Data Center that is SSAE16 Type II / TIA-942 Certified and is compliant with FISMA, HIPAA, SOX, PCI, and NIST regulations.
CKSS employs top-of-the-line data protection solutions for data at rest and in transit. E-mails and attachments are encrypted using FedRAMP certified solutions. Zipped files are compressed using FIPS 140-2 software. Client data is destroyed using secure tools after the conclusion of an engagement.
We have years of experience working with contractors of all sizes. Our team of specialists has extensive experience in helping small to medium organizations implement and maintain robust information security in addition to helping them achieve and maintain compliance with FISMA, DFARS 252.204-7012, NISPOM, HIPAA, PCI DSS, and other state-level and national regulations.
We have conducted FedRAMP Gap Analysis, DFARS 252.204-7012 Gap Analysis, NISPOM Gap Analysis, HIPAA Gap Analysis, ISO 27001 Gap Analysis, Infrastructure Audits, PCI/DSS Risk Assessments, Security Assessment and Authorization (C&A), NIST Framework Governance, DFARS 252.204-7012 Remediation, and Continuous Monitoring.
Our security professionals have successfully implemented various security tools, virtual private networks, network designs, firewalls, IDS/IPS, server hardening, and server virtualization.
Our consultants hold the industry's most prestigious certifications, such as:
- Certified Information System Security Professional (CISSP)
- Certified Information Systems Auditor (CISA)
- Certified GIAC Systems and Network Auditor (GSNA)
- Certified Risk Information Systems Control (CRISC)
- Certified ITIL Foundations, V3
- Certified Information Security Manager (CISM)
- Cisco Certified Network Associate (CCNA)
- Certified Microsoft System Administrator (MCSA)
- Certified Check Point Security Administrator (CCSA)
- Certified HIPAA Professional (CHP)
- Cisco Certified Network Professional – (CCNP R&S/Security)
- Cisco Certified Network Administrator – (CCNA)
- AWS - Amazon Certified Solutions Architect
- Project Management Professional – (PMP)
Complete the form below to download our DFARS White Paper and schedule your FREE DFARS GAP Consultation or call 443-459-1589.