Follow on Google News
News By Tag
* DFARS
* DoD
* Nist
* More Tags...
Industry News
* Technology
* More Industries...
News By Location
* Nashua
  New Hampshire
  United States
* More Locations...

Country(s)
United States
Australia
India
Hong Kong
England
China
- - -
More Countries


Industry News





April 2024
TuMoSuSaFrThWe
23222120191817

Follow on Google News

Some Good News and Bad on the DFARS Compliance Deadline

Ellen Lord, the Undersecretary of Defense for Acquisition, Technology and Logistics, recently testified before Congress on the end-of-year deadline for compliance with DFARS/NIST (SP) 800-171 cybersecurity and cyber-incident reporting requirements
By: RegDOX Solutions
 
NASHUA, N.H. - Dec. 26, 2017 - PRLog -- Many Department of Defense (DoD) Contractors have been looking at the end of 2017 with dread.  Strict, new DoD regulations require that before 2018 they comply with detailed cybersecurity and cyber-incident reporting requirements or lose their DoD contracts. But now, those who thought they could not meet that deadline have been thrown a lifeline.

Ellen Lord, who is the Undersecretary of Defense for Acquisition, Technology and Logistics, recently testified before Congress on the end-of-year deadline for compliance with the DFARS/NIST (SP) 800-171 cybersecurity and cyber-incident reporting requirements.  Her testimony had both good news and bad news, with the good outweighing the bad.

The good news is that despite the seeming mandatory language of DFARS section 252.204-7008 that a contractor will "implement" the 110 controls in 800-171 "not later than December 31, 2017"1, Undersecretary Lord stated that "the only requirement for this year is to lay out what your plan is . . .."

The bad news is that a plan must be more than just planning to comply.  Secretary Lord indicated that there is a need for a "template" against which a contractor can "just report [its] compliance to it."

A video of Secretary Lord's remarks and an article describing their effect are at the links in the footnote below.2 As the commentator in the article says, [c]ompanies that do not adhere to the new rules could lose existing contracts and be barred from seeking new government contracts."

So, the good news is that end-of-year compliance has become easier.  The bad news is still not having a solution in place means loss of DoD business.

But there is more good news.  RegDOX has an off-the-shelf compliance plan for medium and small defense contractors and sub-contractors.  It provides the same gap analysis, remediation, plan of action and milestones we have been providing DoD contractors over the past year. RegDOX is prepared to get this in place for your company by the end of 2017.  Just call.

RegDOX Solutions Inc.

1 Tara Blvd., Suite 300

Nashua, NH 03063

+1.603.589.4830

RegDOX.Sales@RegDOX.com

www.RegDOX.com

1 See also 252.204-7012(b)(2)1(ii)(A) ("The Contractor shall implement NIST SP 800-171, as soon as practical, but not later than December 31, 2017. For all contracts awarded prior to October 1, 2017, the Contractor shall notify the DoD Chief Information Officer (CIO), via email at osd.dibcsia@mail.mil, within 30 days of contract award, of any security requirements specified by NIST SP 800-171 not implemented at the time of contract award.")

2  https://www.c-span.org/video/?c4701321/hon-ellen-lord-dfars-cyber-comments

http://www.nextgov.com/cio-briefing/2017/12/pentagon-delays-deadline-military-suppliers-meet-cybersecurity-rules/144562/

Contact
RegDOX Solutions Inc,
***@regdox.com
End
Source:RegDOX Solutions
Email:***@regdox.com Email Verified
Tags:DFARS, DoD, Nist
Industry:Technology
Location:Nashua - New Hampshire - United States
Subject:Features
Account Email Address Verified     Account Phone Number Verified     Disclaimer     Report Abuse
RegDOX Solutions Inc News
Trending
Most Viewed
Daily News

Most Viewed
Daily News

Dec 26, 2017 News



Like PRLog?
9K2K1K
Click to Share