In November 2010, the White House issued Executive Order (EO) 13556, "Controlled Unclassified Information." The order established a single, open program across executive branch agencies, Defense and civilian alike, for managing unclassified information that requires safeguarding or dissemination controls pursuant to and consistent with law, regulations, and Government-wide policies.

Challenge

The Executive Order set out to replace the agency-specific policies, markings, and procedures that departments had been using to safeguard sensitive but unclassified information with one consistent regime for controlled unclassified information (CUI). CUI is sensitive by definition: mishandling it raises security and privacy concerns, and it frequently includes proprietary business information belonging to the contractors who process it.

What is DFARS?

DFARS stands for Defense Federal Acquisition Regulation Supplement, the Department of Defense (DoD) supplement to the Federal Acquisition Regulation (FAR). Its cybersecurity clause, DFARS 252.204-7012 (Safeguarding Covered Defense Information and Cyber Incident Reporting), requires DoD contractors to implement the security requirements of NIST SP 800-171 on any contractor-owned system that processes, stores, or transmits CUI, and to report cyber incidents affecting that information to the DoD. The clause is a condition of the contract, and contractors represent at offer submission that they will meet it, so the compliance work has to be done before bidding, not after award.

Understanding the Requirements for NIST SP 800-171

The requirements in NIST (National Institute of Standards and Technology) SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations, were developed so that nonfederal organizations, including companies in the Defense Industrial Base (DIB), have a single, well-defined set of security requirements for protecting CUI on their own systems. The requirements are grouped into families (access control, audit and accountability, configuration management, identification and authentication, incident response, and so on) that a contractor must implement, assess, and document.

The publication, developed by NIST in coordination with the DoD and the National Archives and Records Administration (NARA, the CUI Executive Agent), states in its abstract: "The protection of Controlled Unclassified Information (CUI) while residing in nonfederal information systems and organizations is of paramount importance to federal agencies and can directly impact the ability of the federal government to successfully carry out its designated missions and business operations."

Requirement for DFARS Compliance

Any company that sells to the DoD, directly or through a prime contractor, is expected to be DFARS compliant. A DoD contractor that handles CUI and cannot meet the minimum DFARS security requirements risks losing the contract. The obligation also flows down: a prime contractor must include the same clause in every subcontract under which the subcontractor will handle CUI, so subcontractors of all sizes carry the same requirement.

Failure to comply with the DFARS clause can be costly. Consequences range from losing eligibility to bid on DoD work to termination of existing contracts.

To be genuinely DFARS compliant, work through the security requirements in NIST SP 800-171: the DFARS clause is satisfied by implementing that document, so it is the practical checklist.

Becoming compliant

CalCom's solution keeps your assets continuously hardened, preventing the configuration drift that so often goes unnoticed until it causes an audit failure or a breach. CalCom Hardening Automation Suite (CHS) is a hardening automation platform designed to reduce operational costs and improve the infrastructure's security and compliance posture. CHS ensures that servers stay hardened and secured while preserving their availability, and it saves security operations administrators a tremendous amount of time.