DFARS 252.204-7012 Compliance
Are you the weakest link?
In response to the recent executive orders and growing pressure from high-profile government data breaches, the DOD issued the Final DFARS Rule on Network Penetration and Cloud Computing in October 2016. The final rule requires covered contractors to implement certain cybersecurity safeguards, report data breaches within 72 hours, and adopt NIST SP 800-171 as the baseline for covered information system security requirements.
DFARS Compliance Requirements
Contractors are encouraged to implement the adequate safeguarding standards in NIST SP 800-171 Revision 1 as soon as practical, but no later than December 31, 2017.
The Final rule includes the following Provisions and Clauses:
- Subpart 204.73 – Safeguarding Covered Defense Information and Cyber Incident Reporting
- Subpart 239.76 – Cloud Computing
- 252.204-7008 – Compliance with Safeguarding Covered Defense Information
- 252.204-7009 – Limitations on the Use or Disclosure of Third-Party Contractor Reported Cyber Incident Information
- 252.204-7012 – Safeguarding Covered Defense Information and Cyber Incident Reporting
- 252.239-7009 – Representation of Use of Cloud Computing
- 252.239-7010 – Cloud Computing Services
- Details are posted in our blog and CKSS White paper
CKSS provides a wide variety of DFARS services. Fill out the form to the right, to receive this white paper on DFARS Compliance.
The rule will affect many government contractors whose services are associated with sensitive information. For further information on NIST SP 800-171, see the CKSS white paper and our blog.
At CKSS, we understand DFARS 252.204-7012 compliance and how it can help your business become more secure. We have expertise to help you achieve and maintain compliance.
Our firm is focused on organizations who are facing cyber threats and regulatory compliance requirements with minimal or no dedicated IT security personnel.
Our proprietary methodology is based on the NIST Risk Management Framework and Best Practice. We provide the following services:
- Align security needs with business needs, planning cycles, and financial constraints.
- Balance your information technology operational needs with security initiatives.
- Develop a time-phased compliance Roadmap Strategy to get a buy-in from top leadership
- Conduct an analysis of the infrastructure to determine Roadmap for compliance. Adopt a time-phased approach to educate C-suite, upper management, and other stakeholders on assessment process.
- Creation of NIST 800-171 Security Compliance Framework.
DFARS Compliance Risk Assessment
- Conduct a Third-Party Risk Assessment for clients that haven’t used our remediation services.
- Conduct Continuous Monitoring activities as part of “Security as a Managed Service.”
DFARS 252.204.7012 Templates
- Development of compliance artifacts is only a portion of DFARS 252.204-7012 Compliance. CKSS has an array of Customized DFARS templates to assist organizations in documenting compliance to 252.204.7012. Click here for more details.
WHERE TO TURN… WHEN DFARS 252.204.7012 COMPLIANCE MATTERS? Call 443-459-1589 or contact us
CKSS has adopted a strategic approach to security by establishing an enterprise-wide Corporate Risk, Information Security, and Privacy Function program that can help organizations of any size respond to DFARS 252.204-7012 requirements.
CKSS employs top of the line data protection solutions for data at rest and in transit. E-mails and attachments are encrypted using FedRAMP certified solutions. Zipped files are compressed using FIPS 140-2 software. Client data is destroyed using secure tools after the conclusion of an engagement.
We have years of experience working with contractors of all sizes. Our team of specialists has extensive experience in helping small to medium organizations implement and maintain robust information security, in addition to helping them achieve and maintain compliance with FISMA, DFARS 252.204-7012, NISPOM, HIPAA, PCI DSS, and other state-level and national regulations.
We have conducted FedRAMP Gap Analysis, DFARS 252.204-7012 Gap Analysis, NISPOM Gap Analysis, HIPAA Gap Analysis, ISO 27001 Gap Analysis, Infrastructure Audits, PCI/DSS Risk Assessments, Security Assessment and Authorization (C&A), NIST Framework Governance, DFARS 252.204-7012 Remediation, and Continuous Monitoring.
Our security professionals have successfully implemented various security tools, cloud transformations, DevSecOps processes, network designs, firewalls, IDS/IPS, and vulnerability and configuration management.
Our consultants hold the industry's most prestigious certifications, such as:
- Certified Information System Security Professional (CISSP)
- Certified Information Systems Auditor (CISA)
- Certified GIAC Systems and Network Auditor (GSNA)
- Certified Risk Information Systems Control (CRISC)
- AWS Certified Solutions Architect—Associate (AWS-SAA)
- AWS Certified Solutions Architect-Professional (AWS-SAP)
- AWS Certified Developer—Associate (AWS-DA)
- AWS Certified SysOps Administrator
- AWS Certified Cloud Practitioner (AWS-CLF)
- Scaled Agile Framework (SAFe)
- Certified ITIL Foundations, V3
- Certified Information Security Manager (CISM)
- Cisco Certified Network Administrator – (CCNA)
- Project Management Professional – (PMP)
Development of compliance artifacts is only a portion of DFARS 252.204-7012 Compliance. Compliance entails purchasing and enhancing tools, implementing new technologies, and documenting processes. The rule of thumb is to start with a Gap Analysis, followed by Remediation Activities.
CKSS has compiled a suite of DFARS 252.204-7012 compliance templates to help DOD Contractors get a jumpstart on their Remediation activities as well as ensure continued compliance. By buying compliance templates, you are saving your organization time and money since all the templates have already been created and conveniently grouped together for you.
The toolkit templates were developed by a team of experts with extensive experience in NIST 800-53 and NIST 800-171 consulting and auditing.
Choose the template package that fits your needs based on our wide array of templates. There are over 76 documentation templates and guidance documents included. The templates are easy to fill in, with many Best Practice instructions included. Each document contains comments that specify what should be included or omitted. The templates are created in MS Word, Excel, and PowerPoint and are easily customized. All the policies, procedures, and security plans have a similar structure: introduction, scope, definitions, headers, footers, etc.
Below is an example of one of our templates. Currently CKSS offers four different toolkits:
- System Security Plan Toolkit
- Contingency Plan and Incident Response Toolkit
- Policies and Procedures Toolkit
- Full Compliance Toolkit
Templates purchased via PayPal or Square are available for download as soon as you have checked out. For more details about what is included in each of these packages click the button to the right.
CKSS is proud to be certified as a Qualified Maryland Cybersecurity Seller in support of The Maryland Defense Cybersecurity Assistance Program (DCAP). The program provides funding and assistance for Defense Contractors to comply with the DFARS 252.204-7012 and NIST 800-171 Requirements.
The DCAP program is funded by the Department of Defense’s Office of Economic Adjustment (OEA) through the Maryland Department of Commerce and is being coordinated by the MD Manufacturing Extension Partnership (MEP). Defense contractors in Maryland generate more than $57 Billion in economic impact and the DCAP program will help these contractors comply with the Federal regulations necessary to continue providing services to the Federal Government.
Defense Contractors may claim a tax credit for 50% of the net purchase price of cybersecurity technologies and services (Gap Analysis or Advisory Services) purchased from CKSS. The tax credit must be claimed for the tax year in which a purchase is made.
CKSS is a service provider specializing in Compliance, IT audits, Cloud Transformations, DevSecOps, and Managed Security Services. We have more experience than our competitors. In addition, we have a proven methodology and an array of DFARS 252.204.7012 Templates (USPTO Copyright Registered) that specifically address NIST 800-171 Requirements.
CKSS provides the following managed services that can qualify for reimbursement under DCAP.
Complete the form below to download our DFARS White Paper and schedule your FREE DFARS GAP Consultation, or call 443-459-1589.