I’ve been having many conversations with manufacturers about their need to get aligned with an interim rule put out by the Department of Defense (DoD) recently. The basic deliverables of that rule are to submit the score a supplier achieves following a gap analysis based on the controls listed in the NIST Special Publication 800-171 document. Sounds simple right? I’ve been working with hundreds of DoD suppliers as an outside consultant to guide them towards NIST 800-171 and CMMC compliance. I can tell you from experience that the idea is not clearly defined within the rule.
Following the interim rule passed down in the document DFARS Case 2019-D041 on September 29, 2020, there’s a growing number of subcontractors in the Department of Defense (DoD) supply base selling into the “Primes” who are receiving urgent requests from their customers to comply with this new requirement. Regardless how long the DFARS 252.204-7012 has been a stated requirement for DoD contract awards, this new urgency is driving a lot of activity in the Defense Industrial Base (DiB). As such, you have likely heard from a range of vendors that have offered to help you reach that goal.
Start improving your cybersecurity posture now with this ebook, free when you subscribe to our blog.
If you’re a supplier or manufacturer that relies on business with the Department of Defense (DoD) and the contracts they offer, you will need to ensure that your IT infrastructure can pass a third party certification for cybersecurity readiness over the coming months. This certification is referred to as CMMC or the Cybersecurity Maturity Model Certification. It is an initiative designed to help protect the data being shared within the Defense Industrial Base of the United States and the contract information necessary to produce the parts, systems, and components needed for our national defense.
Improving record keeping and data handling is critical to keeping the trust of partners, vendors, contractors, and customers. The importance is magnified when the federal government is involved, with the goal of creating a national culture of cybersecurity that protects the information of our businesses, citizens, and government. The National Institute of Standards and Technology (NIST) created Special Publication 800-171 to help protect Controlled Unclassified Information. But what does that actually look like? How will you know you’re meeting the standards laid out in NIST 800-171? What is CUI?
If you're a supplier, contractor or subcontractor with the federal government, you or your colleagues have no doubt heard of NIST 800-171. If you haven't, check out "Everything You Need to Know About NIST 800-171." for all of the details, and how it may affect your business contracts.
In partnership with the Connecticut Association of Schools (CAS), WTNH News 8 produces a series hosted by Scott McDonnell called “What’s Right With Schools”. Kelser’s support of Newington High School’s Information Technology & Digital Innovation Academy was recently featured in one of these segments.
Trust can be a precarious thing. One mistake could ruin it forever. You spend so much time and energy building trust with your customers, vendors, contractors, and partners, that the last thing you want to do is lose it, particularly over non-compliance. Believe it or not, record keeping and data handling is critical to maintaining that trust.
Living in New England has its own unique benefits and challenges. Temperate summers, colorful autumns, white winters and rejuvenating springs are balanced with the occasional weather hate mail from Mother Nature. Often these reminders of her prowess come in the form of significant late summer events ranging from heavy thunderstorms to powerful tropical storms. This year is right on course with a varied mix of weather patterns that define our climate.