What does it mean?
Any company working with federal contract information must provide evidence of security protections and compliance or risk the loss of contract awards and the ability to compete for future awards. Government contractors or subcontractors must demonstrate “adequate security” as specified by NIST 800-171 and have cyber incident policies and procedures in place that meet the DFARS requirements.
How do you know if this applies to you?
If you are storing data, transferring data, emailing files, saving files or viewing files on your computer that are used for project or product development for government contracts or subcontracts, you may need to reach one of the five levels of compliance. Each level of compliance requires different elements of security measures. To learn more about which level you may be required to reach, refer to the Cybersecurity Maturity Model Certification Guide.
What are some examples of compliant security practices?
Some examples of lower-level compliance requirements for even the smallest of contracts are password hygiene, multi-factor authentication, file storage security, and user privacy. Other, higher-security contracts may require more complex measures such as remote access restrictions, audit logs, and data segregation.
Missing just one of these requirements is enough to incur compliance violations, which can in some cases result in losing eligibility for future contracts.
To dig through these requirements and understand where you stand against your guidelines, it is helpful to have an IT professional assess your specific needs. We can partner with you, audit your existing security deployment, and provide a detailed plan for reaching your desired level of compliance.
Is This a Law?
In 2019, the Department of Defense (DoD) announced the implementation of the Cybersecurity Maturity Model Certification (CMMC), which ranks contractors based on their cyber hygiene and is based on the NIST 800-171 framework. Beginning in 2020, the CMMC will be a requirement for all DoD contractors to be able to participate in RFIs and bid on RFPs.
Don’t lose your chance on important contracts!
For more information on the guidelines within the Cybersecurity Maturity Model Certification (CMMC), read this.