The FAR and DAR Councils issued new cybersecurity rules for government contractors. The FAR rule, effective in June 2016, affects all government contractors and lists 15 items “a prudent business person would employ…even if not covered by this rule.” The DFARS rule, 252.204-7012 “Safeguarding Covered Defense Information and Cyber Incident Reporting” requires compliance with NIST (SP) 800-171 R1, a more robust guideline, by December 31, 2017.
While no audit plan or third-party system approval process exists for the FAR and DFARS rules, contractors imply compliance by signing and accepting contracts with these clauses. More importantly, these clauses exist in current contracts so your compliance is already implied.
Join me for a conversation about the unique cybersecurity requirements for government and defense contractors as we discuss CUI, the audit and survey process, the costs of non-compliance, and compliance strategies.
Target Audience: Novice and experienced business professionals and executives who operate or plan to operate in the federal space