<img src="https://ws.zoominfo.com/pixel/4CagHYMZMRWAjWFEK36G" width="1" height="1" style="display: none;">
Request Demo

Audit Management, DFARS, Corporate Compliance and Oversight, Cybersecurity Frameworks

Resources for Suppliers - Northrop Grumman Guidance on DFARS Requirements


Northrop Grumman published guidance for their suppliers entitled 'cybersecurity resources for suppliers. In it, they state the requirements related to DFARS and NIST SP 800-171, specifically the creation of required compliance documents - a System Security Plan and Plan of Actions and Mitigations at a very minimum.

[Learn how our customers have tackled NIST 800-171 in-house and now manage DoD compliance on thier own with a time-efficient, cost-effective plan of action]

"Our customers, including the U.S. Government, are increasingly imposing mandatory cybersecurity measures and controls on their prime contractors and supply chain.  Department of Defense (DoD) contracts awarded since August 2015 include the Defense Federal Acquisition Regulation Supplement (DFARS) Clause 252.204-7012, which requires prime contractors and their suppliers at all tiers to provide "adequate security". 

At a minimum, businesses must implement the National Institute of Standards and Technology (NIST) SP 800-171 on any internal information systems that include “covered defense information” (CDI) by December 31, 2017. 

To have implemented NIST 800-171, a company must have conducted a self-assessment against all 110 controls, and developed a system security plan (SSP) describing how the security requirements are met, and plans of action and milestones (POA&M) on how those controls (not implemented) will  be met. 

DoD may consider how many controls are implemented in making award decisions and otherwise may require companies to implement all NIST SP 800-171 controls."

Creating the SSP and POAM can be complex and time consuming. With CyberStrong, you save hours and weeks of time that you would have spent creating these documents yourself with CyberStrong's automated POAM and SSP export. For every new contract that comes through your door, and for every existing contract, you can submit an updated set of compliance documents showing your proactive cyber resiliency aligned with NIST SP 800-171. 

Your team must also deduce what technologies to aquire to meet each requirement and how much to budget for remediation. CyberStrong's intelligent recommedation engine gives you the lowest cost next steps for NIST 800-171 compliance. Take charge of DFARS compliance with speed, agility, and a shared plan of action that is clear and cost-effective, tailored to your existing and future business.

Read customer stories.. learn how our customers take charge of dfars compliance in-house with speed and agility for the new year.


You may also like

Zero Trust Security – A Quick Guide
on January 24, 2022

Zero Trust is a security framework that requires authentication, authorization, and validation from all users, whether inside or outside the organization's network. This is ...

CyberStrong December Update
on January 20, 2022

December Product Update Crosswalks, graphics, and filters - Oh my! 🎵♪🎵 New crosswalks on frameworks and labels on graphics Helpful team filters and alerts on late status Clear ...

Kyndall Elliott
CEO's - Do You Know Where That ...
on January 3, 2022

It is no secret that cybersecurity has mystified many members of the C-suite since the function was introduced. Headlines are dominated by breaches and hearings of information ...

Jerry Layden
CyberSaint's Response to the Log4j ...
on December 23, 2021

Members of the CyberSaint Community, My name is Padraic O’Reilly, the Chief Product Officer of CyberSaint. In light of the impacts of the Log4j vulnerability on the greater ...

Padraic O'Reilly
The CEO's Guide To Understanding ...
on December 17, 2021

With high-profile data breaches and cyber incidents capturing headlines almost weekly, business leaders are getting a front-row seat to the impact cybersecurity can have on an ...

Jerry Layden
The Guide To A CEOs First ...
on December 16, 2021

One of the most significant challenges that CEOs and business-side leaders are faced with when tasked with implementing a cybersecurity program is the board-level reporting that ...

Jerry Layden