It’s no secret that the Cyber War has already begun, and if the United States doesn’t stay ahead of the cybersecurity threats, things could get messy. The Washington Post recently reported that the Pentagon is getting serious about how the U.S. Department of Defense supply chain is built. In short, if we don’t take things seriously, we are putting our nation at risk.
As a whole, information and cybersecurity awareness has made some decent strides recently, but we still have a long way to go. That said, one of the biggest constraints for businesses when it comes to security is time and resources (money). Next in line is managing a security program that goes beyond “being compliant.”
When it comes to the supply chain of the DoD, primary contractors are relying heavily on their sub-contractors (mainly SMBs) to follow the rigorous demands of the DFARS / NIST SP 800-171 requirements. By doing so, we are expecting companies that aren’t information and cybersecurity experts to keep our nation’s sensitive data protected from those who shouldn’t have it.
It’s Time for that to Change.
“The major goal is to move our suppliers, the defense industrial base and the rest of the private sector who contribute to the supply chain, beyond a posture of compliance — to owning the problem with us,” said Chris Nissen, director of asymmetric-threat response at Mitre.
As a third-party information and cybersecurity firm, Beryllium understands the stress that SMBs supplying to the DoD are dealing with, because we’ve been working side-by-side with them since the DFARS requirements were laid out. It’s not that these contractors don’t want to find the correct way to be (and stay) compliant, because they do! They flat out don’t have the time and resources to do so.
Security should be seen not as a “cost burden,” Kari Bingen, the Pentagon’s deputy undersecretary for intelligence, told the House Armed Services Committee, “but as a major factor in their competitiveness for U.S. government business.”
Cuick trac™ identified the problem (lack of time and resources) and collaborated with other niche security companies that solve specific problems in the security space to build a fully compliant solution that businesses can afford. It took a lot of time, effort and collaboration, but when we were done, there was finally a solution that covers all 110 NIST SP 800-171 controls, across all 14 control families, and every requirement under DFARS 252.204-7012.
Protecting our nation’s Controlled Unclassified Information (CUI) is the law. And, judging by the aforementioned Washington Post article, the Pentagon isn’t joking around.
This is a serious issue and cuick trac™ is the answer.