DFARS 252.204-7012 Compliance
Are you the weakest link ?
n response to the recent executive orders and growing pressure from high profile government data breaches, DOD Issued the Final DFARS Rule on Network Penetration and Cloud Computing on October 2016. The final ruling requires covered contractors to implement certain cybersecurity safeguards and report data breaches within 72 hours and adopt NIST SP 800-171 as the baseline for covered information system security requirements.
DFARS Compliance Requirements
Contractors are encouraged to implement the adequate safeguarding standards in NIST SP 800-171 Revision 1 as soon as practical, but no later than December 31, 2017.
The Final rule includes the following Provisions and Clauses::
- Subpart 204.73 – Safeguarding Covered Defense Information and Cyber Incident Reporting
- Subpart 239.76 – Cloud Computing
- 252.204-7008 – Compliance with Safeguarding Covered Defense Information
- 252.204-7009 – Limitations on the Use or Disclosure of Third-Party Contractor Reported Cyber Incident Information
- 252.204-7012 – Safeguarding Covered Defense Information and Cyber Incident Reporting
- 252.239-7009 – Representation of Use of Cloud Computing
- 252.239-7010 – Cloud Computing Services
- Details are posted in our blog and CKSS White paper
CKSS provides a wide variety of DFARS services. Fill out the form to the right, to receive this white paper on DFARS Compliance.
he rule will affect many government contractors whose services are associated with sensitive information. For further information on NIST SP 800-171, see the CKSS white paper and our blog .
At CKSS, we understand DFARS 252.204-7012 compliance and how it can help your business become more secure. We have expertise to help you achieve and maintain compliance.
Our firm is focused on organizations who are facing cyber threats and regulatory compliance requirements with minimal or no dedicated IT security personnel.
Our proprietary methodology is based on the NIST Risk Management Framework and Best Practice. We provide the following services:
- Align security needs with business needs, planning cycles, and financial constraints.
- Balance your information technology operational needs with security initiatives.
- Develop a time-phased compliance Roadmap Strategy to get a buy-in from top leadership
- Conduct an analysis of the infrastructure to determine Roadmap for compliance. Adopt a time-phased approach to educate C-suite, upper management, and other stakeholders on assessment process.
- Creation of NIST 800-171 Security Compliance Framework.
DFARS Compliance Risk Assessment
- Conduct a Third-Party Risk Assessment for clients that haven’t used our remediation services.
- Conduct Continuous Monitoring activities as part of “Security as a Managed Service.”
DFARS 252.204.7012 Templates
- Development of compliance artifacts is only a portion of DFARS 252.204-7012 Compliance. CKSS has an array of Customized DFARS templates to assist organizations in documenting compliance to252.204.7012. Click here for more details.
WHERE TO TURN… WHEN DFARS 252.204.7012 COMPLIANCE MATTERS ? call 443-459-1589 or contact us
CKSS has adopted a strategic approach to security by establishing an enterprise-wide Corporate Risk, Information Security, and Privacy Function program that can help organizations of any size respond to DFARS 252.204-7012 requirements.
CKSS is located in a Data Center that is SSAE16 Type II / TIA-942 Certified and is compliant with FISMA, HIPAA, SOX, PCI, and NIST regulations.
CKSS employs top of the line data protection solutions for data at rest and in transmit. E-mails and attachments are encrypted using FedRAMP certified solutions. Zipped files are compressed using FIPS 140-2 software. Client data is destroyed using secure tools after the conclusion of an engagement.
We have years of experience working with contractors of all sizes. Our team of specialists have extensive experience in helping small to medium organizations implement and maintain robust information security in addition to helping them achieve and maintain compliance with FISMA, DFARS 252.204-7012, NISPOM, HIPAA, PCI DSS, and other state-level and national regulations.
We have conducted FedRAMP Gap Analysis, DFARS 252.204-7012 Gap Analysis, NISPOM Gap Analysis, HIPAA Gap Analysis, ISO 27001 Gap Analysis, Infrastructure Audits, PCI/DSS Risk Assessments, Security Assessment and Authorization (C&A), NIST Framework Governance, DFARS 252.204-7012 Remediation, and Continuous Monitoring.
Our security professionals have successfully implemented various security tools, virtual private networks, network designs, firewalls, IDS/IPS, server hardening, and server virtualization.
Our consultants have industry’s most prestigious certifications such as:
- Certified Information System Security Professional(CISSP)
- Certified Information Systems Auditor (CISA)
- Certified GIAC Systems and Network Auditor (GSNA)
- Certified Risk Information Systems Control (CRISC)
- Certified ITIL Foundations, V3
- Certified Information and Certified Information Security Manager (CISM)
- Cisco Certified Network Associate (CCNA)
- Certified Microsoft System Administrator (MCSA)
- Certified Check Point Security Administrator (CCSA)
- Certified HIPAA Professional (CHP)
- Cisco Certified Network Professional – (CCNP R&S/Security)
- Cisco Certified Network Administrator – (CCNA)
- AWS - Amazon Certified Solutions Architect
- Project Management Professional – (PMP)
Development of compliance artifacts is only a portion of DFARS 252.204-7012 Compliance. Compliance entails purchasing and enhancement of tools, implementation of new technologies, and documentation of processes. Rule of thumb is to start with Gap Analysis followed by Remediation Activities.
CKSS has compiled a suite of DFARS 252.204-7012 compliance templates to help DOD Contractors get a jumpstart on their Remediation activities as well as ensure continued compliance. By buying compliance templates, you are saving your organization time and money since all the templates have already been created and conveniently grouped together for you.
The toolkit templates were developed by a team of experts with extensive experience in NIST 800-53 and NIST 800-171 consulting and auditing.
Choose the template package that fits your needs based on our wide array of templates. There are over 76 documentation templates and guidance documents included. The templates are easy to fill in with a lot of Best Practice instructions included. Each document contains comments that specify what should be included or omitted. The templates are created in MS Word, Excel, and PowerPoint and are easily customized. All the policies, procedures, and security plans have a similar structure- introductory, scope, definitions, headers, and footers etc.
Below is an example of one of our templates. Currently CKSS offers four different toolkits:
- System Security Plan Toolkit
- Contingency Plan and Incident Response Toolkit
- Policies and Procedures Toolkit
- Full Compliance Toolkit
Templates purchased via PayPal or Square are available for download as soon as you have checked out. For more details about what is included in each of these packages click the button to the right.
Complete the form below to download our DFARS White Paper and schedule
your FREE DFARS GAP Consultation
or call 443-459-1589.