The Wisconsin Manufacturing Extension Partnership works with manufacturers every day to help them accelerate their business growth and sustain success into the future. We help companies analyze new and existing technology to develop a framework for secure business operations.
MEET THE NEW CYBERSECURITY STANDARDS
All Department of Defense (DoD) contractors must meet the Defense Federal Acquisition Regulation Supplement (DFARS) minimum cybersecurity standards or risk losing federal contracts. If you’re like many businesses, you may not know what is expected or even how to get started. Not to worry. The WMEP has assembled a team of cybersecurity experts to determine if you are compliant with the requirements described in NIST Special Publication 800-171.
YOUR BEST DEFENSE STARTS WITH THE WISCONSIN MANUFACTURING EXTENSION PARTNERSHIP
ATTENTION DEPARTMENT OF DEFENSE, GSA AND NASA CONTRACTORS: All Department of Defense (DoD), General Services Administration (GSA) and NASA contractors must meet the Federal Acquisition Regulation (FAR) minimum cybersecurity standards by December 31, 2017—or risk losing federal contracts. If you’re like many businesses, you may not know what is expected or even how to get started. Not to worry. The Wisconsin Manufacturing Extension Partnership (WMEP) has assembled a team of leading cybersecurity experts to help ensure you will be compliant with the standards described in NIST Special Publication 800-171.
The WMEP’s experienced team has designed a comprehensive four-step cybersecurity program. We will help you gauge your current situation and tailor a plan specifically for your internal capabilities, budget and time sensitivity. Here’s how it works:
Step 1: Discovery – the professional assessment of your company’s practices related to the new standard. If necessary, a gap analysis will be completed to document the scope to be remediated.
Step 2: Remediate to Meet New Standard – supports all necessary fixes to ensure compliance. This may include updates to firewalls, patches, policy development, employee training, physical security, network configuration, etc.
Step 3: Test and Validate – verifies that all technology and physical security aspects are working properly. A penetration test may be necessary.
Step 4: Monitoring/Reporting – establishes ongoing monitoring and scanning of the required enterprise network. Creates a working process to log, remediate and report (as required) cyberattacks.
Cybersecurity is now firmly at the top of the national agenda as high-profile breaches raise fears that cyber attacks and other security failures could endanger the economy, businesses and individuals. WMEP is on the pulse of cybersecurity and what it means for your business.
Some Q & A…
Q: What is NIST Special Publication 800-171?
A: The National Institute of Standards and Technology (NIST) has published a set of security requirements to protect Controlled Unclassified Information (CUI). This Special Publication 800-171 defines policies that apply to all prime and subcontractor companies conducting business with the Federal Government.
Q: What is Controlled Unclassified Information?
A: Controlled Unclassified Information (CUI), also known as Covered Defense Information (CDI), is data that can be considered government-proprietary. It is information the government wants held secure, but is not vital to national security.
Q: Is there a compliance deadline for NIST Special Publication 800-171?
A: Yes! Full compliance with NIST 800-171 is required by December 31, 2017. Department of Defense (DoD) contractors must notify the DoD CIO within 30 days of contract award of any security requirements not implemented at the time of contract award.
Q: What happens if my company doesn’t implement cybersecurity initiatives?
A: Failure to comply with cybersecurity requirements could result in the loss of a federal contract or prevent a new contract from being awarded.
DON’T RISK LOSING BUSINESS
- Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations
- NIST Special Publication 800-171 Revision 1
- NIST SP 800-171 Memorandum Explanation
- Safeguarding Covered Defense Information and Cyber Incident Reporting (U.S. Department of Defense)
- Defense Cybersecurity Requirements: What Small Businesses Need to Know (U.S. Department of Defense)
- Directive-Type Memorandum (DTM): Cybersecurity in the Defense Acquisition System (U.S. Dept. of Defense)
- Memorandum: Implementation of DFARS Clause 252.204-7012 (U.S. Department of Defense)
- NIST MEP Cybersecurity Self-assessment Handbook (Self-assessment): http://nvlpubs.nist.gov/nistpubs/hb/2017/NIST.HB.162.pdf (NIST.gov)
- Cybersecurity Glossary (thecyberwire.com)