Note To Gallagher, Secure CyberID & Strikeforce: T
Post# of 82686
(Total Views: 603)
Posted On: 11/15/2018 2:10:45 PM
Note To Gallagher, Secure CyberID & Strikeforce: The door is opening wide for your new live deal! The timing is perfect for HUGE revenues to come to all involved:
Department of Defense’s new cyber strategy will significantly impact contract awards
By Payal Vadhani – Partner, Risk Advisory, Aronson LLC
Nov 14, 2018
The Department of Defense recently released its 2018 cyber strategy, which has significantly evolved since its last release in 2015. Just like the DoD expects quality from its suppliers, it also expects suppliers’ products and services to be secure.
Renewed focus on cybersecurity
During the Air Force Association’s Air, Space & Cyber Conference in Washington, D.C., Deputy Secretary Patrick Shanahan made clear that “Cybersecurity is probably going to be what we call the fourth critical measurement. You know, we’ve got quality, cost, schedule.”
He also elaborated on how the DoD evaluates its acquisition:
“Security is one of those measures that we need to hold people accountable for. And it shouldn’t be that being secure comes with a big bill," he said. "Like we wouldn’t pay extra for quality, we shouldn’t pay extra for security. We’re in a new world, and security is the standard, it’s the expectation, it’s not something that’s above and beyond what we’ve done before.”
Shanahan’s statements have a tremendous impact on government contractors. They reinforce the expectation that security should not be looked at as an after-thought, but already built into the product and services they provide the DoD. In the future, higher levels of proven security will be necessary in order to win DoD contracts. Those prime and subcontractors that are not compliant with security standards will not be able to win business.
Supply chain security
Another area of focus is on supply chain security. The DoD will hold government contractors accountable for their supply chain cybersecurity practices. Contractors are responsible for all subcontractors they utilize, and they must take the time to properly assess each subcontractor to ensure their operations do not jeopardize the contractor’s ability to do business with the DoD.
Next steps for DoD contractors
At present, the DoD has its own cybersecurity regulations and contract clauses, the Defense Federal Acquisition Regulation Supplement (DFARS). Contractors should familiarize themselves with clauses 252.204-7008, Compliance with Safeguarding Covered Defense Information Controls, and 252.204-7012, Safeguarding Covered Defense Information and Cyber Incident Reporting.
Even if these clauses are currently not in supplier contracts, measures should be taken to become compliant with NIST Special Publication SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations. The standard provides requirements for protecting the confidentiality of Controlled Unclassified Information (CUI). If a government contractor is able to prove that it is NIST SP 800-171 compliant, it is an automatic first step in meeting the requirements of the fourth pillar.
There is good news for small businesses in the state of Maryland. The Maryland Department of Commerce has been awarded $515,636 in federal funding from the DoD Office of Economic Adjustment (OEA) to assist in-state small- and mid-sized prime contractors requiring assistance in meeting the cybersecurity standard NIST SP800-171.
Department of Defense’s new cyber strategy will significantly impact contract awards
By Payal Vadhani – Partner, Risk Advisory, Aronson LLC
Nov 14, 2018
The Department of Defense recently released its 2018 cyber strategy, which has significantly evolved since its last release in 2015. Just like the DoD expects quality from its suppliers, it also expects suppliers’ products and services to be secure.
Renewed focus on cybersecurity
During the Air Force Association’s Air, Space & Cyber Conference in Washington, D.C., Deputy Secretary Patrick Shanahan made clear that “Cybersecurity is probably going to be what we call the fourth critical measurement. You know, we’ve got quality, cost, schedule.”
He also elaborated on how the DoD evaluates its acquisition:
“Security is one of those measures that we need to hold people accountable for. And it shouldn’t be that being secure comes with a big bill," he said. "Like we wouldn’t pay extra for quality, we shouldn’t pay extra for security. We’re in a new world, and security is the standard, it’s the expectation, it’s not something that’s above and beyond what we’ve done before.”
Shanahan’s statements have a tremendous impact on government contractors. They reinforce the expectation that security should not be looked at as an after-thought, but already built into the product and services they provide the DoD. In the future, higher levels of proven security will be necessary in order to win DoD contracts. Those prime and subcontractors that are not compliant with security standards will not be able to win business.
Supply chain security
Another area of focus is on supply chain security. The DoD will hold government contractors accountable for their supply chain cybersecurity practices. Contractors are responsible for all subcontractors they utilize, and they must take the time to properly assess each subcontractor to ensure their operations do not jeopardize the contractor’s ability to do business with the DoD.
Next steps for DoD contractors
At present, the DoD has its own cybersecurity regulations and contract clauses, the Defense Federal Acquisition Regulation Supplement (DFARS). Contractors should familiarize themselves with clauses 252.204-7008, Compliance with Safeguarding Covered Defense Information Controls, and 252.204-7012, Safeguarding Covered Defense Information and Cyber Incident Reporting.
Even if these clauses are currently not in supplier contracts, measures should be taken to become compliant with NIST Special Publication SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations. The standard provides requirements for protecting the confidentiality of Controlled Unclassified Information (CUI). If a government contractor is able to prove that it is NIST SP 800-171 compliant, it is an automatic first step in meeting the requirements of the fourth pillar.
There is good news for small businesses in the state of Maryland. The Maryland Department of Commerce has been awarded $515,636 in federal funding from the DoD Office of Economic Adjustment (OEA) to assist in-state small- and mid-sized prime contractors requiring assistance in meeting the cybersecurity standard NIST SP800-171.
(8)
(0)