CyberArk is considered a global leader and pioneer in providing privileged access security, and for good reason. Because CyberArk provides the most advanced Privileged Account Management (PAM) solutions in one incredible platform, CyberSheath made the strategic...
Beyond Compliance: DFARS 252.204-7012 Safeguarding Covered Defense Information and Cyber Incident Reporting: A Matter of National Security
The DOD Guidance provides additional information on how the DOD might penalize business partners who fail to adhere to new security rules, including penalties and not being awarded new contracts. Aside from the obvious competitive business reasons to immediately implement the NIST 800-171 security requirements, this latest theft of project Sea Dragon data is a reminder of the implications for national security. Most of NIST 800-171 is just good cybersecurity hygiene that, at a minimum, will make contractors harder targets for hostile nation states.
The December 31, 2017 deadline for achieving compliance with NIST 800-171 has come and gone. If you’re still not compliant, you’re at risk for penalties, and your chances of winning future contracts and bids are at great risk. The good news is it’s not too late!
The U.S. Securities and Exchange Commission issued new guidance for public companies to be more forthcoming when disclosing cybersecurity risks, expanding on previous guidance issued in 2011. In addition to warning corporate insiders not to trade shares when they have information about cybersecurity issues that isn’t public, the guidance advised that internal or law enforcement investigations cannot be used as an excuse for not informing the public. The unanimously approved guidance was published as “interpretive guidance,” which the SEC uses to publish its views and interpret the federal securities laws and SEC regulations.
Achieving NIST SP 800-171 Rev. 1 compliance isn’t easy, but the process doesn’t have to be complicated.