INTRODUCTION TO DFARS
|
|
- Nancy West
- 5 years ago
- Views:
Transcription
1 INTRODUCTION TO DFARS CTI VS. CUI VS. CDI OVERVIEW COPYRIGHT 2017 FLANK. ALL RIGHTS RESERVED.
2 INTRODUCTION TO DFARS CTI VS. CUI VS. CDI OVERVIEW Defense contractors having to comply with DFARS often find themselves struggling to interpret the actual meaning and applicability of Unclassified Controlled Technical Information (U/CTI), Controlled Unclassified Information (CUI), and Covered Defense Information (CDI). It can be challenging, no question about it, especially when the FAR pronouncements and the Department of Defense (DoD) themselves have not provided clear guidance on this matter. Flank, a leading provider of DFARS services and solutions, offers the following interpretation and guidance for U/CTI, CUI, and CDI. Visit us at flank.org to learn more about our services and solutions. UNCLASSIFIED CONTROLLED TECHNICAL INFORMATION (U/CTI): Controlled technical information means technical information with military or space applications that is subject to controls on the access, use, reproduction, modification, performance, display, release, disclosure, or dissemination. Controlled technical information would meet the criteria, if disseminated, for distribution statements B through F (per, html/current/204_73.htm) using the criteria set forth in DoD Instruction , Distribution Statements on Technical Documents. The term does not include information that is lawfully publicly available without restrictions. Thus, technical information means technical data or computer software, as those terms are defined in the clause at DFARS , Rights in Technical Data-Non-Commercial Items, regardless of whether or not the clause is incorporated in this solicitation or contract. Examples of technical information include research and engineering data, engineering drawings, and associated lists, specifications, standards, process sheets, manuals, technical reports, technical orders, catalog-item identifications, data sets, studies and analyses, and related information, and computer software executable code and source code. Source: 2
3 CONTROLLED UNCLASSIFIED INFORMATION (CUI): CUI is information that requires safeguarding or dissemination of controls pursuant to and consistent with applicable laws, regulations, and government-wide policies, but is not classified under Executive Order or the Atomic Energy Act, as amended. More specifically, CUI is information the government creates or possesses, or that an entity creates or possesses for or on behalf of the government, that a law, regulation, or government-wide policy requires or permits an agency to handle using safeguarding or dissemination controls. However, CUI does not include classified information. COVERED DEFENSE INFORMATION (CDI): CDI means unclassified controlled technical information or other information (as described in the Controlled Unclassified Information (CUI) Registry at that requires safeguarding or dissemination controls pursuant to and consistent with laws, regulations, and government wide policies, and is (1) Marked or otherwise identified in the contract, task order, or delivery order and provided to the contractor by or on behalf of DoD in support of the performance of the contract; or (2) Collected, developed, received, transmitted, used, or stored by or on behalf of the contractor in support of the performance of the contract. PLEASE NOTE THE FOLLOWING: The Department of Defense (DoD) on October 4, 2016, issued a rule finalizing cyber reporting regulations applicable to DoD contractors and subcontractors set forth in 32 CFR Part 236. The rule finalizes an interim rule DoD issued on October 2, 2015 and addresses cyber incident reporting obligations for DoD prime contractors and subcontractors. 3
4 Notably, the final rule clarifies the by now well-known definition of the term covered defense information ( CDI ). This same term is used in DFARS This DFARS clause defines CDI to include four different categories: (1) covered technical information ( CTI ); (2) operations security; (3) export controlled information; and (4) any other information, marked or otherwise identified in the contract, that requires safeguarding or dissemination controls pursuant to and consistent with law, regulations, and government-wide policies. Given the similarities of this final category to the definition of controlled unclassified information ( CUI ) promulgated in connection with the National Archives and Records Administration s (NARA) rule, we have understood this latter category to include CUI identified by NARA pursuant to its efforts under EO The DoD s new final rule provides support for this understanding because it narrows the definition of CDI to only two categories: (1) CTI and (2) CUI. This modification accordingly appears to make clear that the catch-all category of CDI contained in DFARS was intended to align with NARA s CUI efforts. AS SUCH, CONSIDER THE FOLLOWING: NIST refers to Controlled Unclassified Information, but was dated before the new rules were put in place. Unclassified Controlled Technical Information was the original term in DFARS (pre-nist pronouncement) Covered Defense Information is new term that encompasses all of the above, as well as new types of information, thus CDI is the core definition and concept to grasp. 4
5 SO, WHAT THEN IS CDI? Unclassified information provided to the contractor by or on behalf of DoD in connection with the performance of the contract, or Unclassified information which is collected, developed, received, transmitted, used, or stored by or on behalf of the contractor in support of the performance of the contract. THUS, IT IS: Controlled technical information (Military) Export controlled information (commodities, tech, software etc.) Critical information (DoD Directive, OPEC, etc.) Catch All (privacy or proprietary business information) Research and engineering data, engineering drawings, and associated lists, specifications, standards, process sheets, manuals, technical reports, technical orders, catalog-item identifications, data sets, studies and analyses and related information, and computer software executable code and source code. 5
6 AWARD-WINNING DFARS TOOLKIT AVAILABLE FOR DOWNLOAD Becoming compliant with DFARS can be an incredibly challenging process, but thanks to our industry leading DFARS Compliance All-in-One Toolkit, you ve got all the tools, templates, and other supporting documentation for helping ensure rapid compliance with the DFARS provisions. Available for instant download, you ll receive professionally developed NIST SP specific policies, procedures, forms, checklists, templates, scoping & readiness documents, and more that map directly to both the Basic and Derived Security Controls. Available for instant download, the DFARS Compliance All-in-One Toolkit comes complete with the following 8 sections: NIST SP Policy Packet NIST SP Information Security Policies and Procedures Packet DFARS System Security Plan (SSP) Templates DFARS Scoping & Readiness Assessment Toolkit DFARS Project Management Template DoD Cyber Incident Response and Reporting Program (CIRRP) Third-Party Due-Diligence & Vendor Management Program Risk Assessment Program If you need assistance with DFARS compliance, then contact us today at info@flank.org, along with visiting flank.org to learn more about our services for defense contractors. 6
7 ABOUT US We re global experts when it comes to security, governance, and compliance solutions, there s no debating that, and we can help you implement efficient and scalable solutions for your growing business. Security can be difficult, compliance can be challenging, and governance can be costly we more than understand these issues and it s why you should be talking to Flank, the organization that helps you in protecting your perimeter. We re Flank. to defend or guard at the flank. 7
Get Compliant with the New DFARS Cybersecurity Requirements
Get Compliant with the New DFARS 252.204-7012 Cybersecurity Requirements Reginald M. Jones ( Reggie ) Chair, Federal Government Contracts Practice Group rjones@foxrothschild.com; 202-461-3111 August 30,
More informationDFARS Defense Industrial Base Compliance Information
DFARS 252.204-7012 Defense Industrial Base Compliance Information Protecting Controlled Unclassified Information (CUI) Executive Order 13556 "Controlled Unclassified Information, November 2010 Established
More informationROADMAP TO DFARS COMPLIANCE
ROADMAP TO DFARS COMPLIANCE ARE YOU READY FOR THE 12/31/17 DEADLINE? In our ebook, we have answered the most common questions we receive from companies preparing for DFARS compliance. Don t risk terminated
More informationSafeguarding of Unclassified Controlled Technical Information. SAFEGUARDING OF UNCLASSIFIED CONTROLLED TECHNICAL INFORMATION (NOV 2013)
Page 1 of 7 Section O Attach 2: SAFEGUARDING OF UNCLASSIFIED CONTROLLED TECHNICAL INFORMATION (NOV 2013) 252.204-7012 Safeguarding of Unclassified Controlled Technical Information. As prescribed in 204.7303,
More informationNIST Special Publication
NIST Special Publication 800-171 Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations Ryan Bonner Brightline WHAT IS INFORMATION SECURITY? Personnel Security
More informationSafeguarding Unclassified Controlled Technical Information
Safeguarding Unclassified Controlled Technical Information (DFARS Case 2011-D039): The Challenges of New DFARS Requirements and Recommendations for Compliance Version 1 Authors: Justin Gercken, TSCP E.K.
More information2018 SRAI Annual Meeting October Dana Rewoldt, CRA, Associate Director of OIPTT, Iowa State University, Ames, IA, USA
2018 SRAI Annual Meeting October 27-31 Dana Rewoldt, CRA, Associate Director of OIPTT, Iowa State University, Ames, IA, USA Controlled Unclassified Information Regulations: Practical Processes and Negotiations
More informationDOD s New Cyber Requirements: Impacts on DOD Contractors and Subcontractors
McKenna Government Contracts, continuing excellence at Dentons DOD s New Cyber Requirements: Impacts on DOD Contractors and Subcontractors Phil Seckman Mike McGuinn Quincy Stott Dentons US LLP Date: January
More informationSAC PA Security Frameworks - FISMA and NIST
SAC PA Security Frameworks - FISMA and NIST 800-171 June 23, 2017 SECURITY FRAMEWORKS Chris Seiders, CISSP Scott Weinman, CISSP, CISA Agenda Compliance standards FISMA NIST SP 800-171 Importance of Compliance
More informationDFARS , NIST , CDI
DFARS 252.204-7012, NIST 800-171, CDI and You Overview Impacts Getting started Overview Impacts Getting started Overview & Evolving Requirements DFARS 252.204-7012 - Safeguarding Covered Defense Information
More informationDFARS Compliance. SLAIT Consulting SECURITY SERVICES. Mike D Arezzo Director of Security Services. SLAITCONSULTING.com
DFARS Compliance SLAIT Consulting SECURITY SERVICES Mike D Arezzo Director of Security Services Introduction 18+ year career in Information Technology and Security General Electric (GE) as Software Governance
More informationCybersecurity for Government Contractors: Preparing for Cyber Incidents in 2017
Cybersecurity for Government Contractors: Preparing for Cyber Incidents in 2017 March 23, 2017 By Keir Bancroft By Louverture Jones Partner Senior Manager, Deloitte Advisory Venable LLP Deloitte & Touche
More informationDFARS Cyber Rule Considerations For Contractors In 2018
Portfolio Media. Inc. 111 West 19 th Street, 5th Floor New York, NY 10011 www.law360.com Phone: +1 646 783 7100 Fax: +1 646 783 7161 customerservice@law360.com DFARS Cyber Rule Considerations For Contractors
More informationDEFENSE LOGISTICS AGENCY AMERICA S COMBAT LOGISTICS SUPPORT AGENCY. Cyber Security. Safeguarding Covered Defense Information.
DEFENSE LOGISTICS AGENCY AMERICA S COMBAT LOGISTICS SUPPORT AGENCY Cyber Security Safeguarding Covered Defense Information 30-31 August 2016 WARFIGHTER FIRST PEOPLE & CULTURE STRATEGIC ENGAGEMENT FINANCIAL
More informationPilieroMazza Webinar Preparing for NIST SP December 14, 2017
PilieroMazza Webinar Preparing for NIST SP 800-171 December 14, 2017 Presented by Jon Williams, Partner jwilliams@pilieromazza.com (202) 857-1000 Kimi Murakami, Counsel kmurakami@pilieromazza.com (202)
More informationFederal Initiatives to Protect Controlled Unclassified Information in Nonfederal Information Systems Against Cyber Threats
May 20, 2015 Georgetown University Law Center Federal Initiatives to Protect Controlled Unclassified Information in Nonfederal Information Systems Against Cyber Threats Robert S. Metzger Rogers Joseph
More informationSafeguarding unclassified controlled technical information (UCTI)
Safeguarding unclassified controlled technical information (UCTI) An overview Government Contract Services Bulletin Safeguarding UCTI An overview On November 18, 2013, the Department of Defense (DoD) issued
More informationPreparing for NIST SP January 23, 2018 For the American Council of Engineering Companies
Preparing for NIST SP 800-171 January 23, 2018 For the American Council of Engineering Companies Presented by Jon Williams, Partner jwilliams@pilieromazza.com (202) 857-1000 Kimi Murakami, Counsel kmurakami@pilieromazza.com
More informationCybersecurity Risk Management
Cybersecurity Risk Management NIST Guidance DFARS Requirements MEP Assistance David Stieren Division Chief, Programs and Partnerships National Institute of Standards and Technology (NIST) Manufacturing
More informationDFARS Safeguarding Covered Defense Information The Interim Rule: Cause for Confusion and Request for Questions
DFARS 252.204.7012 Safeguarding Covered Defense Information The Interim Rule: Cause for Confusion and Request for Questions By Jonathan Hard, CEO And Carol Claflin, Director of Business Development H2L
More informationTinker & The Primes 2017 Innovating Together
Tinker & The Primes 2017 Innovating Together Protecting Controlled Unclassified Information Systems and Organizations Larry Findeiss Bid Assistance Coordinator Oklahoma s Procurement Technical Assistance
More informationDepartment of Defense Cybersecurity Requirements: What Businesses Need to Know?
Department of Defense Cybersecurity Requirements: What Businesses Need to Know? Why is Cybersecurity important to the Department of Defense? Today, more than ever, the Department of Defense (DoD) relies
More informationSafeguarding Controlled Unclassified Information and Cyber Incident Reporting. Kevin R. Gamache, Ph.D., ISP Facility Security Officer
Safeguarding Controlled Unclassified Information and Cyber Incident Reporting Kevin R. Gamache, Ph.D., ISP Facility Security Officer Why Are We Seeing These Rules? Stolen data provides potential adversaries
More informationNew Process and Regulations for Controlled Unclassified Information
New Process and Regulations for Controlled Unclassified Information David Brady TJ Beckett Office of Export and Secure Research Compliance http://www.oesrc.researchcompliance.vt.edu/ Agenda Background
More informationUCOP ITS Systemwide CISO Office Systemwide IT Policy
UCOP ITS Systemwide CISO Office Systemwide IT Policy Revision History Date: By: Contact Information: Description: 08/16/17 Robert Smith robert.smith@ucop.edu Initial version, CISO approved Classification
More informationCOMPLIANCE IN THE CLOUD
COMPLIANCE IN THE CLOUD 3:45-4:30PM Scott Edwards, President, Summit 7 Dave Harris Society for International Affairs COMPLIANCE IN THE CLOUD Scott Edwards scott.edwards@summit7systems.com 256-541-9638
More informationCybersecurity Challenges
Cybersecurity Challenges Protecting DoD s Information NAVSEA Small Business Industry Day August 8, 2017 1 Outline Protecting DoD s Information DFARS Clause 252.204-7012 Contractor and Subcontractor Requirements
More informationCyber Security Challenges
Cyber Security Challenges Navigating Information System Security Protections Vicki Michetti, DoD CIO, Director, DIB Cybersecurity Program Mary Thomas, OUSD(AT&L), Defense Procurement and Acquisition Policy
More informationCYBER SECURITY BRIEF. Presented By: Curt Parkinson DCMA
CYBER SECURITY BRIEF Presented By: Curt Parkinson DCMA September 20, 2017 Agenda 2 DFARS 239.71 Updates Cybersecurity Contracting DFARS Clause 252.204-7001 DFARS Clause 252.239-7012 DFARS Clause 252.239-7010
More informationThe FAR Basic Safeguarding Rule
The FAR Basic Safeguarding Rule Erin B. Sheppard, Partner Michael J. McGuinn, Counsel December 8, 2016 Agenda Regulatory landscape FAR Rule History Requirements Harmonization Subcontract issues What s
More informationWhy is the CUI Program necessary?
Why is the CUI Program necessary? Executive departments and agencies apply their own ad-hoc policies and markings to unclassified information that requires safeguarding or dissemination controls, resulting
More informationCyber Security Challenges
Cyber Security Challenges Protecting DoD s Information Melinda Reed, OUSD(AT&L), Systems Engineering Mary Thomas, OUSD(AT&L), Defense Procurement and Acquisition Policy 1 Outline Cybersecurity Landscape
More informationAnother Cook in the Kitchen: The New FAR Rule on Cybersecurity
Another Cook in the Kitchen: The New FAR Rule on Cybersecurity Breakout Session #: F13 Erin B. Sheppard, Partner, Dentons US LLP Michael J. McGuinn, Counsel, Dentons US LLP Date: Tuesday, July 26 Time:
More informationProtecting Controlled Unclassified Information (CUI) in Nonfederal Systems and Organizations (NIST SP Revision 1)
https://www.csiac.org/ Protecting Controlled Unclassified Information (CUI) in Nonfederal Systems and Organizations (NIST SP800-171 Revision 1) Today s Presenter: Wade Kastorff SRC, Commercial Cyber Security
More informationOFFICE OF THE UNDER SECRETARY OF DEFENSE 3000DEFENSEPENTAGON WASHINGTON, DC
OFFICE OF THE UNDER SECRETARY OF DEFENSE 3000DEFENSEPENTAGON WASHINGTON, DC 20301-3000 ACQUISITION, TECHNO LOGY. A N D LOGISTICS SEP 2 1 2017 MEMORANDUM FOR COMMANDER, UNITED ST A TES SPECIAL OPERATIONS
More informationIndustry Perspectives on Active and Expected Regulatory Actions
July 15, 2016 Industry Perspectives on Active and Expected Regulatory Actions Alan Chvotkin Executive Vice President and Counsel, Professional Services Council chvotkin@pscouncil.org Trey Hodgkins Senior
More informationProtecting Controlled Unclassified Information(CUI) in Nonfederal Information Systems and Organizations
Protecting Controlled Unclassified Information(CUI) in Nonfederal Information Systems and Organizations January 9 th, 2018 SPEAKER Chris Seiders, CISSP Security Analyst Computing Services and Systems Development
More informationDFARS and the Aerospace & Defence Enterprise
DFARS and the Aerospace & Defence Enterprise Is Your Organisation Ready? October 2017 Lance Seelbach, CISSP, CISA, Client Security Officer Simon Aplin, Export Compliance Lead Aerospace & Defence ANZ Table
More informationRegulating Information: Cybersecurity, Internet of Things, & Exploding Rules. David Bodenheimer Evan Wolff Kate Growley
Regulating Information: Cybersecurity, Internet of Things, & Exploding Rules David Bodenheimer Evan Wolff Kate Growley Regulating Information The Internet of Things: Peering into the Future Cybersecurity
More informationNew Cyber Rules. Are You Ready? Bob Metzger, RJO Dave Drabkin, DHG Tom Tollerton, DHG. Issues in Focus Webinar Series. government contracting
New Cyber Rules Are You Ready? Bob Metzger, RJO Dave Drabkin, DHG Tom Tollerton, DHG Issues in Focus Webinar Series 1 Speaker Information Robert S. Metzger Rogers Joseph O Donnell PC (202)777.8951 Rmetzger@rjo.com
More informationNovember 20, (Via DFARS Case 2013-D018)
November 20, 2015 (Via email osd.dfars@mail.mil, DFARS Case 2013-D018) Mr. Dustin Pitsch Defense Acquisition Regulations System OUSD(AT&L)DPAP/DARS Room 3B941 3060 Defense Pentagon Washington, DC 20301
More informationSpecial Publication
Special Publication 800-171 Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations Patricia Toth NIST MEP What is Information Security? Personnel Security Cybersecurity
More informationExecutive Order 13556
Briefing Outline Executive Order 13556 CUI Registry 32 CFR, Part 2002 Understanding the CUI Program Phased Implementation Approach to Contractor Environment 2 Executive Order 13556 Established CUI Program
More informationFRAMEWORK MAPPING HITRUST CSF V9 TO ISO 27001/27002:2013. Visit us online at Flank.org to learn more.
FRAMEWORK MAPPING HITRUST CSF V9 TO ISO 27001/27002:2013 Visit us online at Flank.org to learn more. HITRUST CSF v9 Framework ISO 27001/27002:2013 Framework FLANK ISO 27001/27002:2013 Documentation from
More informationCompliance with NIST
Compliance with NIST 800-171 1 What is NIST? 2 Do I Need to Comply? Agenda 3 What Are the Requirements? 4 How Can I Determine If I Am Compliant? 5 Corserva s NIST Assessments What is NIST? NIST (National
More informationMDA Acquisition Updates
MDA Acquisition Updates Laura M. DeSimone Director for Acquisition & Karla Smith Jackson Director of Contracts Missile Defense Agency May 15, 2018 Distribution Statement A:, distribution is unlimited.
More informationInformation Security Issues in Research
Information Security Issues in Research March 2019 The information provided here is of a general nature and is not intended to address the specific circumstances of any individual or entity. In specific
More informationClick to edit Master title style
Click to edit Master title style Fourth level Click The to DFARS edit Master UCTI title Clause style How It Impacts the Subcontract Relationship Breakout Third Session level #F11 Fourth level Phillip R.
More informationexisting customer base (commercial and guidance and directives and all Federal regulations as federal)
ATTACHMENT 7 BSS RISK MANAGEMENT FRAMEWORK PLAN [L.30.2.7, M.2.2.(7), G.5.6; F.2.1(41) THROUGH (76)] A7.1 BSS SECURITY REQUIREMENTS Our Business Support Systems (BSS) Risk MetTel ensures the security of
More informationO0001(OCT
Network Penetration Reporting and Contracting for Cloud Services (DFARS Case 2013 D018) Frequently Asked Questions (FAQs) regarding the implementation of DFARS Subpart 204.73, and PGI Subpart 204.73 DFARS
More informationCyber Security For Business
Cyber Security For Business In today s hostile digital environment, the importance of securing your data and technology cannot be overstated. From customer assurance, liability mitigation, and even your
More informationHandbook Webinar
800-171 Handbook Webinar Pat Toth Cybersecurity Program Manager National Institute of Standards and Technology (NIST) Manufacturing Extension Partnership (MEP) NIST MEP 800-171 Assessment Handbook Step-by-step
More information2017 SAME Small Business Conference
2017 SAME Small Business Conference Welcome to Cybersecurity Initiatives and Speakers: Requirements: Protecting DOD s Unclassified Information Vicki Michetti, Director, Defense Industrial Base Cybersecurity
More informationcybersecurity challenges for government contractors
24 Contract Management May 2012 Contract Management May 2012 25 C ybersecurity is a hot topic these days for U.S. government contractors. While overall federal IT spending for 2013 is projected to decrease
More informationCybersecurity in Acquisition
Kristen J. Baldwin Acting Deputy Assistant Secretary of Defense for Systems Engineering (DASD(SE)) Federal Cybersecurity Summit September 15, 2016 Sep 15, 2016 Page-1 Acquisition program activities must
More informationNISP Update NDIA/AIA John P. Fitzpatrick, Director May 19, 2015
NISP Update NDIA/AIA John P. Fitzpatrick, Director May 19, 2015 Agenda Cybersecurity Information Sharing and the NISP NISP Working Group Update CUI Program Update 2 Executive Order 13691 Promoting Private
More informationClick to edit Master title style
Click to edit Master title style Click The Big to edit Cyber Master Mystery: title What style Contracting Professionals Need to Know Breakout Third Session level # E-10 Eric Crusius, Esq. Counsel Miles
More informationClick to edit Master title style
Click to edit Master title style Click to edit Master text styles Second level Click What to To edit Do Master When title They style Come For You: How to Safeguard Your UCTI Click to edit Master text styles
More informationCOMPLIANCE SCOPING GUIDE
COMPLIANCE SCOPING GUIDE Version 2017.2 Disclaimer: This document is provided for REFERENCE purposes only. It does not render professional services and is not a substitute for professional services. If
More informationInformation for entity management. April 2018
Information for entity management April 2018 Note to readers: The purpose of this document is to assist management with understanding the cybersecurity risk management examination that can be performed
More informationISOO CUI Overview for ACSAC
ISOO CUI Overview for ACSAC Briefing Outline ISOO Overview Overview of the CUI Program CUI and IT Implementation CUI and NIST Standards and Guidelines NIST SP 800-171 CUI Approach for the Contractor Environment
More informationData Preservation Checklists
Data Preservation Checklists At the G8 meeting of Justice and Interior Ministers in Moscow in October 1999, the Ministers recognized that law enforcement authorities conducting criminal investigations
More informationDavidson Technologies: A Medium Sized Business Experience with DFARS 7012/NIST
Davidson Technologies: A Medium Sized Business Experience with DFARS 7012/NIST 800-171 Davidson Technologies Founded in 1996 by Dr. Julian Davidson Father of Missile Defense in America Sen. Jeff Sessions
More informationINFORMATION ASSURANCE DIRECTORATE
National Security Agency/Central Security Service INFORMATION ASSURANCE DIRECTORATE CGS Network Mapping The Network Mapping helps visualize the network and understand relationships and connectivity between
More informationControlled Unclassified Information (CUI) and FISMA: an update. May 12, 2017 Mark Sweet, Nancy Lewis, Grace Park Stephanie Gray, Alicia Turner
Controlled Unclassified Information (CUI) and FISMA: an update May 12, 2017 Mark Sweet, Nancy Lewis, Grace Park Stephanie Gray, Alicia Turner What is FISMA? Federal Information Security Modernization Act
More informationSTRENGTHENING THE CYBERSECURITY OF FEDERAL NETWORKS AND CRITICAL INFRASTRUCTURE
STRENGTHENING THE CYBERSECURITY OF FEDERAL NETWORKS AND CRITICAL INFRASTRUCTURE By the authority vested in me as President by the Constitution and the laws of the United States of America, it is hereby
More informationCybersecurity: Complying with Federal Regulations for Research and by Research Institutions
M310 October 16, 2017; 2:00 p.m. 3:00 p.m. Cybersecurity: Complying with Federal Regulations for Research and by Research Institutions J. Michael Slocum, Esquire; Slocum & Boddie, P.C. Alexandria, VA USA
More informationBusiness Partner Security Standard
Business Partner Security Standard Responsible Office: Technology Services, Information Security Office Initial Standard Approved: 03/2016 Current Revision Approved: 06/01/2017 Standard Statement and Purpose
More informationOutline. Other Considerations Q & A. Physical Electronic
June 2018 Outline What is CUI? CUI Program Implementation of the CUI Program NIST SP 800-171A (Draft) Federal Acquisition Regulation update Basic and Specified CUI Marking Destruction Controlled Environments
More informationPS Mailing Services Ltd Data Protection Policy May 2018
PS Mailing Services Ltd Data Protection Policy May 2018 PS Mailing Services Limited is a registered data controller: ICO registration no. Z9106387 (www.ico.org.uk 1. Introduction 1.1. Background We collect
More informationngenius Products in a GDPR Compliant Environment
l FAQ l ngenius Products in a GDPR Compliant Environment This document addresses questions from organizations that use ngenius Smart Data Core platform and application products and are evaluating their
More informationSession 609 Tuesday, October 22, 2:45 PM - 3:45 PM Track: IT Governance and Security
Session 609 Tuesday, October 22, 2:45 PM - 3:45 PM Track: IT Governance and Security An Overview of Recent Changes to ISO 20000 Ron Lester Enterprise Service Management Consultant, Information Technology
More informationfips185 U.S. DEPARTMENT OF COMMERCE/National Institute of Standards and Technology
FEDERAL INFORMATION PROCESSING STANDARDS PUBLICATION 185 1994 February 9 U.S. DEPARTMENT OF COMMERCE/National Institute of Standards and Technology ESCROWED ENCRYPTION STANDARD CATEGORY: TELECOMMUNICATIONS
More informationPrivacy Statement. Your privacy and trust are important to us and this Privacy Statement ( Statement ) provides important information
Privacy Statement Introduction Your privacy and trust are important to us and this Privacy Statement ( Statement ) provides important information about how IT Support (UK) Ltd handle personal information.
More informationDATA PRIVACY & SECURITY THE CHANGING HIPAA CLIMATE
DATA PRIVACY & SECURITY THE CHANGING HIPAA CLIMATE Melodi (Mel) M. Gates mgates@pattonboggs.com (303) 894-6111 October 25, 2013 THE CHANGING PRIVACY CLIMATE z HEALTH INSURANCE PORTABILITY & ACCOUNTABILITY
More informationFedRAMP Security Assessment Framework. Version 2.0
FedRAMP Security Assessment Framework Version 2.0 June 6, 2014 Executive Summary This document describes a general Security Assessment Framework (SAF) for the Federal Risk and Authorization Management
More informationCIP Cyber Security Personnel & Training
A. Introduction 1. Title: Cyber Security Personnel & Training 2. Number: CIP-004-6 3. Purpose: To minimize the risk against compromise that could lead to misoperation or instability in the Bulk Electric
More informationAccelerate GDPR compliance with the Microsoft Cloud
Regional Forum on Cybersecurity in the Era of Emerging Technologies & the Second Meeting of the Successful Administrative Practices -2017 Cairo, Egypt 28-29 November 2017 Accelerate GDPR compliance with
More informationCompliance with CloudCheckr
DATASHEET Compliance with CloudCheckr Introduction Security in the cloud is about more than just monitoring and alerts. To be truly secure in this ephemeral landscape, organizations must take an active
More informationProgram Protection Implementation Considerations
Program Protection Implementation Considerations Melinda Reed Deputy Director for Program Protection Office of the Deputy Assistant Secretary of Defense for Systems Engineering NDIA Program Protection
More informationDOD Lawyers Roundtable Defense Logistics Agency (DLA Energy)
Session: DoD Lawyers Roundtable DOD Lawyers Roundtable Defense Logistics Agency (DLA Energy) Kelly Tischler, Senior Counsel August 10, 2016 Rhode Island Convention Center Providence, Rhode Island DLA Energy
More informationHousecall Privacy Statement Statement Date: 01/01/2007. Most recent update 09/18/2009
Housecall Privacy Statement Statement Date: 01/01/2007. Most recent update 09/18/2009 Privacy Policy Intent: We recognize that privacy is an important issue, so we design and operate our services with
More informationStandard Development Timeline
Standard Development Timeline This section is maintained by the drafting team during the development of the standard and will be removed when the standard is adopted by the NERC Board of Trustees (Board).
More informationAppendix 2B. Supply Chain Risk Management Plan
Granite Telecommunications, LLC. 100 Newport Ave. Ext. Quincy, MA 02171 Appendix 2B Supply Chain Risk Management Plan This proposal or quotation includes data that shall not be disclosed outside the Government
More informationHow to implement NIST Cybersecurity Framework using ISO WHITE PAPER. Copyright 2017 Advisera Expert Solutions Ltd. All rights reserved.
How to implement NIST Cybersecurity Framework using ISO 27001 WHITE PAPER Copyright 2017 Advisera Expert Solutions Ltd. All rights reserved. Copyright 2017 Advisera Expert Solutions Ltd. All rights reserved.
More informationA Checklist for Compliance in the Cloud 1. A Checklist for Compliance in the Cloud
A Checklist for Compliance in the Cloud 1 A Checklist for Compliance in the Cloud A Checklist for Compliance in the Cloud 1 With the industrialization of hacking and the enormous impact of security breaches,
More informationHIPAA Compliance: What it is, what it means, and what to do about it. Adam Carlson, Security Solutions Consultant Intapp
HIPAA Compliance: What it is, what it means, and what to do about it. Adam Carlson, Security Solutions Consultant Intapp Agenda Introductions HIPAA Background and History Overview of HIPAA Requirements
More informationSANMINA CORPORATION PRIVACY POLICY. Effective date: May 25, 2018
SANMINA CORPORATION PRIVACY POLICY Effective date: May 25, 2018 This Privacy Policy (the Policy ) sets forth the privacy principles that Sanmina Corporation and its subsidiaries (collectively, Sanmina
More informationQuick Start Strategy to Compliance DFARS Rob Gillen
WELCOME Quick Start Strategy to Compliance DFARS 252.204-7012 Rob Gillen Overview Meet Bill Harrison Meet FASTLANE Important Updates Overview of NIST 800-171 Case Studies 5 Items to a Quick Start Strategy
More informationChecklist: Credit Union Information Security and Privacy Policies
Checklist: Credit Union Information Security and Privacy Policies Acceptable Use Access Control and Password Management Background Check Backup and Recovery Bank Secrecy Act/Anti-Money Laundering/OFAC
More informationNew Jersey LFN Packet Check List
New Jersey LFN 2012-10 Packet Check List Contract Documents Screenshot Page from solicitation that indicates Lead Agency and issuance of solicitation on behalf of themselves, U.S. Communities and agencies
More informationWhat is cloud computing? The enterprise is liable as data controller. Various forms of cloud computing. Data controller
A guide to CLOUD COMPUTING 2014 Cloud computing Businesses that make use of cloud computing are legally liable, and must ensure that personal data is processed in accordance with the relevant legislation
More informationOverview of Akamai s Personal Data Processing Activities and Role
Overview of Akamai s Personal Data Processing Activities and Role Last Updated: April 2018 This document is maintained by the Akamai Global Data Protection Office 1 Introduction Akamai is a global leader
More informationAmerican Association for Laboratory Accreditation
R311 - Specific Requirements: Federal Risk and Authorization Management Program Page 1 of 10 R311 - Specific Requirements: Federal Risk and Authorization Management Program 2017 by A2LA. All rights reserved.
More informationConsideration of Issues and Directives Federal Energy Regulatory Commission Order No. 791 January 23, 2015
Federal Energy Regulatory Commission Order No. 791 January 23, 2015 67 and 76 67. For the reasons discussed below, the Commission concludes that the identify, assess, and correct language, as currently
More informationSTATE OF NEW JERSEY. ASSEMBLY, No th LEGISLATURE. Sponsored by: Assemblywoman ANNETTE QUIJANO District 20 (Union)
ASSEMBLY, No. 0 STATE OF NEW JERSEY th LEGISLATURE INTRODUCED NOVEMBER 0, 0 Sponsored by: Assemblywoman ANNETTE QUIJANO District 0 (Union) SYNOPSIS Requires certain persons and business entities to maintain
More informationHow the GDPR will impact your software delivery processes
How the GDPR will impact your software delivery processes About Redgate 230 17 202,000 2m Redgaters and counting years old customers SQL Server Central and Simple Talk users 91% of the Fortune 100 use
More informationProtecting your data. EY s approach to data privacy and information security
Protecting your data EY s approach to data privacy and information security Digital networks are a key enabler in the globalization of business. They dramatically enhance our ability to communicate, share
More informationAdvanced Technology Academic Research Council Federal CISO Summit. Ms. Thérèse Firmin
Advanced Technology Academic Research Council Federal CISO Summit Ms. Thérèse Firmin Acting Deputy DoD CIO Cyber Security Department of Defense 25 January 2018 2 Overview Secretary Mattis Priorities Cybersecurity
More informationAudit Considerations Relating to an Entity Using a Service Organization
An Entity Using a Service Organization 355 AU-C Section 402 Audit Considerations Relating to an Entity Using a Service Organization Source: SAS No. 122; SAS No. 128; SAS No. 130. Effective for audits of
More information