
Cybersecurity Requirements for Federal Contracts Seminar, 8/9/17 (PowerPoint presentation)



  1. Cybersecurity Requirements for Federal Contracts Seminar, 8/9/17, 9 - noon
     Agenda (Time / Topic / Speaker):
     9-9:30      Arrival and Breakfast
     9:30        Welcome - Don Pital, Manager, GaMEP, Don.pital@innovate.gatech.edu
     9:35-9:55   Ga Sponsor Introductions (5 min. ea.):
                 Karen Fite, Director, GaMEP, Karen.fite@innovate.gatech.edu
                 Nancy Cleveland, Director, GTPAC, nancy.Cleveland@innovate.gatech.edu
                 John Morehouse, Georgia Dept. of Economic Development, Director, Center of Innovation - Manufacturing, jmorehouse@Georgia.org
                 Amy Hudnall, Georgia Dept. of Economic Development, Director, Center of Innovation - Aerospace, aHudnall@Georgia.org
     10-10:45a   NIST 800-171 Presentation and Questions - Dave Stieren, NIST Program Mgr., david.Stieren@nist.gov
     10:45-11    Questions / Break
     11-11:45    Cytellix Presentation and Questions - Spencer Cobb, Business Development Mgr., Cytellix, scobb@cytellix.com
     11:45-12    Questions and Wrap-up - Don Pital

  2. NIST Special Publication 800-171, Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations. David Stieren, Division Chief, Programs and Partnerships, NIST Manufacturing Extension Partnership (MEP), August 2017, on behalf of Pat Toth, NIST MEP Cybersecurity Program Manager. MEP Overview

  3. What is Information Security? (diagram of its component areas)
     • Cyber-security
     • Personnel security
     • Operational security
     • Privacy
     • Contingency planning & disaster recovery
     • Physical security

  4. Our appetite for advanced technology is rapidly exceeding our ability to protect it.

  5. We are vulnerable because our information technology is fragile and susceptible to a wide range of threats, including:
     • natural disasters
     • structural failures
     • cyber attacks
     • human errors

  6. NIST is a non-regulatory agency of the U.S. Department of Commerce.
     • NIST serves as the U.S. National Measurement Institute.
       - Operates laboratory programs that support U.S. innovation and standards development.
       - Focus on metrology and standards.
       - Manages the National Network of MEP Centers, which provide technical assistance as trusted advisors to U.S. manufacturers in every state and Puerto Rico.
     • NIST Cybersecurity Guidance: FIPS, Special Publications, NISTIRs.
     • IMPORTANT: NIST does not regulate U.S. cybersecurity. Rather, NIST provides neutral technical expertise, guidance, and reference materials that underlie the regulations and requirements of other government agencies and industry organizations.

  7. NIST Manufacturing Extension Partnership (MEP)
     Program Mission: To enhance the productivity and technological performance of U.S. Manufacturing.
     Partnership Model:
     • Federal, State, Industry
     • Managed by NIST at the Federal level
     • Well aligned with state and local economic development strategies
     Local / National Connection: System of Centers providing localized service to manufacturers in each State, with National reach and resources.
     National Network:
     • MEP Center in all 50 U.S. states plus Puerto Rico.
     • System-wide non-Federal staff of over 1,200 individuals in ~600 service locations assisting U.S. manufacturers.
     • Contracting with >2,500 3rd party service providers.
     MEP Strategy: Global Competitiveness and Growth. Provide direct, hands-on technical and business assistance as trusted advisors to domestic manufacturers to help them compete and grow.
     MEP Budget & Business Model: $130M FY17 Federal Budget, with Cost Share Requirements for Centers.

  8. NIST Cybersecurity Framework: Framework for Improving Critical Infrastructure Cybersecurity, Version 1.0, National Institute of Standards and Technology, February 12, 2014.
     • Presidential Executive Order 13636, "Improving Critical Infrastructure Cybersecurity," February 2013, established that "[i]t is the Policy of the United States to:
       - enhance security and resilience of Nation's critical infrastructure
       - maintain a cyber environment that encourages efficiency, innovation, and economic prosperity while promoting safety, security, business confidentiality, privacy, and civil liberties."
     • Called for development of a voluntary, risk-based Cybersecurity Framework: a set of industry standards and best practices to help organizations manage cybersecurity risks.
     • The NIST Cybersecurity Framework, created through collaboration between government and the private sector, uses common language to address and manage cybersecurity risk in a cost-effective way based on business needs, without placing additional regulatory requirements on businesses.
       - FRAMEWORK CORE: Identify, Protect, Detect, Respond, Recover

  9. What is the DFARS cybersecurity requirement?
     • Clause 252.204-7012 of the DFARS requires defense contractors and subcontractors to:
       1. Provide adequate security to safeguard covered defense information (CDI) that resides on or is transiting through a contractor's internal information system or network
       2. Report cyber incidents that affect a covered contractor information system or the CDI residing therein, or that affect the contractor's ability to perform requirements designated as operationally critical support
       3. Submit malicious software discovered and isolated in connection with a reported cyber incident to the DoD Cyber Crime Center
       4. If requested, submit media and additional information to support damage assessment
       5. Flow down the clause in subcontracts for operationally critical support, or for which subcontract performance will involve CDI

  10. What is the purpose of DFARS clause 252.204-7012?
     • DFARS 252.204-7012 was structured to ensure that:
       - controlled unclassified DoD information residing on a contractor's internal information system is safeguarded from cyber incidents, and
       - any consequences associated with the loss of this information are assessed and minimized via the cyber incident reporting and damage assessment processes.
     • The clause also provides a single DoD-wide approach to safeguarding covered contractor information systems, preventing the proliferation of multiple, potentially different safeguarding-controlled-unclassified-information clauses and contract language by various entities across DoD.

  11. What does this DFARS cybersecurity requirement mean?
     • This requirement is an included clause in defense contracts.
       - By signing a defense contract, the contractor agrees to comply with the contract terms.
       - DFARS 252.204-7012 applies to information systems that process, store, or transmit CUI.
       - CUI is information that law, regulation, or governmentwide policy requires to have safeguarding or disseminating controls, excluding information that is classified under Executive Order 13526, Classified National Security Information, December 29, 2009, or any predecessor or successor order, or the Atomic Energy Act of 1954, as amended.
     • Examples of CUI include: Controlled Technical Information, Export Control Information, and DoD Critical Infrastructure Security Information.
     • For additional information visit the National Archives CUI webpage: https://www.archives.gov/cui

  12. What do contractors need to do to ensure compliance, and when does this apply?
     • Defense contractors are required by DFARS to provide adequate security on all covered contractor information systems.
     • To provide adequate security, defense contractors must implement, at a minimum, the following information security protections:
       - NIST SP 800-171, as soon as practical, but not later than December 31, 2017.

  13. What is "adequate security"?
     • DFARS requires that contractors and their subcontractors employ "adequate security".
     • This means that protective measures are employed commensurate with the consequences and probability of loss, misuse, or unauthorized access to, or modification of, information.
     • Contractors should implement, at a minimum, the security controls in NIST SP 800-171 rev 1, "Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations."
     • Contractors are obligated to rapidly report (within 72 hours of discovery) any cyber incident that affects the covered contractor's:
       - information system, CDI, or the contractor's ability to provide operationally critical support.
       - Reporting obligations also require that contractors isolate and capture, if possible, an image of the malicious software (e.g., worm, virus, etc.) and provide access to covered contractor information systems and other information if requested by DoD.

  14. What is a "covered contractor information system"?
     • DFARS 252.204-7012(a): "covered contractor information system"
       - "an unclassified information system that is owned, or operated by or for, a contractor and that processes, stores, or transmits covered defense information."
       - A covered contractor information system is specifically an "unclassified" information system.
       - A covered contractor information system requires safeguarding in accordance with 252.204-7012(b) because performance of the contract requires that the system process, store, or transmit CDI.
