Gov Contractor Cybersecurity Changes – 2017


The National Law Review recently provided a nice update on the changing regulatory environment for Government Contractors in Cybersecurity – both in 2016 and upcoming in 2017.

Have you assessed your level of CUI compliance? Are you aware of your gaps? Do you know your path to compliance? Are you ready? It’s okay, we can help – there is still time.

December 2017 is coming up fast! Previous Zofia article on CUI is here.

Please let Zofia Consulting know how we can help you reach compliance in time. 

http://www.natlawreview.com/article/more-cybersecurity-changes-expected-contractors-2017

Excerpts from National Law Review below:


“On December 20, 2016, the National Institute of Standards and Technology (NIST) published Revision 1 to Special Publication (SP) 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations. The Revision added a new control requiring a System Security Plan (SSP), which must “describe the boundary of [a contractor’s] information system; the operational environment for the system; how the security requirements are implemented; and the relationships with or connections to other systems.”

 

“If requested, contractors will be required to provide the Government with its SSP and any associated Plans of Action and Milestones (POAM). Federal agencies may consider the submitted SSPs and POAMs as critical inputs when deciding whether to award a contract that requires the processing, storing, or transmitting of CUI on a contractor information system.”

 
“DoD maintains cybersecurity as one of its six priorities and indicates an intent to continue to sharpen its regulatory requirements in this area, including further revisions to its final rule regarding participation in its Defense Industrial Base program. Although the exact parameters of the changes that DoD will make in the cybersecurity area remain to be seen, DoD’s significant emphasis on protecting its own systems should provide a warning to contractors about the importance that DoD and other Government agencies place on the protection of Government information – whether stored on Government or contractor systems.”
