    Cybersecurity Compliance: An Introduction to DFARS 252.204-7012 and NIST SP 800-171 Requirements

    VA, UNITED STATES

    07.20.2021

    Video by Michael Dunbar, Chad Hilton and Douglas Key

    Defense Contract Management Agency

    A presentation of the concepts related to the regulatory requirements governing contractor cybersecurity and the handling of Controlled Unclassified Information, as well as the process of attaining and demonstrating compliance through assessment.


    Glossary of Terms:

    DCMA
    Defense Contract Management Agency; administering agency of the Defense Industrial Base Cybersecurity Assessment Center

    Prime
    Prime contractor; works directly with the government, manages any subcontractors, and is responsible for ensuring that the work is completed as defined in the contract

    Sub
    Subcontractor; supplier, distributor, vendor, or firm that furnishes supplies or services to or for a prime contractor or another subcontractor

    Enclave
    Section of an internal network that is subdivided from the rest of the network which operates in the same security domain and shares the protection of a single, common, continuous security perimeter

    Basic (Contractor Self-Assessment) NIST SP 800-171 DoD Assessment (also referred to as ‘Basic’ or ‘Basic Assessment’)
    The Basic Assessment is the Contractor’s self-assessment of NIST SP 800-171 implementation status, based on a review of the system security plan(s) associated with covered contractor information system(s), and conducted in accordance with NIST SP 800-171A….and Section 5 and Annex A of [the NIST SP 800-171 DoD Assessment Methodology].

    Medium NIST SP 800-171 Assessment (also referred to as ‘Medium’ or ‘Medium Assessment’)
    The Medium Assessment is conducted by DoD personnel who have been trained in accordance with DoD policy and procedures to conduct the assessment...will consist of a review of the system security plan description of how each requirement is met to identify any descriptions which may not properly address the security requirement. (see NIST SP 800-171 DoD Assessment Methodology)

    High (On-Site or Virtual) NIST SP 800-171 DoD Assessment (also referred to as ‘High’ or ‘High Assessment’)
    The High Assessment, conducted by DoD personnel who have been trained in accordance with DoD policy and procedures to conduct the assessment, requires a thorough on-site or virtual verification/examination/demonstration of the Contractor’s system security plan and implementation of the NIST SP 800-171 security requirements. (see NIST SP 800-171 DoD Assessment Methodology)


    Resources:

    Supplier Performance Risk System (SPRS)
    https://www.sprs.csd.disa.mil/

    OUSD(A&S) Strategically Assessing Contractor Implementation of NIST SP 800-171 site
    https://www.acq.osd.mil/dpap/pdi/cyber/strategically_assessing_contractor_implementation_of_NIST_SP_800-171.html

    NIST SP 800-171 Rev. 2
    https://csrc.nist.gov/publications/detail/sp/800-171/rev-2/final

    NIST SP 800-171A
    https://csrc.nist.gov/publications/detail/sp/800-171a/final

    DoD Procurement Toolbox – Cybersecurity in DoD Acquisition Regulations
    https://dodprocurementtoolbox.com/site-pages/cybersecurity-dod-acquisition-regulations

    **LATEST VERSIONS AS OF THE TIME OF VIDEO PUBLICATION.**

    VIDEO INFO

    Date Taken: 07.20.2021
    Date Posted: 07.20.2021 13:56
    Category: Video Productions
    Video ID: 807319
    VIRIN: 210720-D-D0449-001
    Filename: DOD_108461300
    Length: 00:06:29
    Location: VA, US

    PUBLIC DOMAIN