<img src="https://ws.zoominfo.com/pixel/4CagHYMZMRWAjWFEK36G" width="1" height="1" style="display: none;">
Request Demo

Audit Management, DFARS, Corporate Compliance and Oversight, Cybersecurity Frameworks

Resources for Suppliers - Northrop Grumman Guidance on DFARS Requirements

down-arrow

Northrop Grumman published guidance for their suppliers entitled 'cybersecurity resources for suppliers. In it, they state the requirements related to DFARS and NIST SP 800-171, specifically the creation of required compliance documents - a System Security Plan and Plan of Actions and Mitigations at a very minimum.

[Learn how our customers have tackled NIST 800-171 in-house and now manage DoD compliance on thier own with a time-efficient, cost-effective plan of action]

"Our customers, including the U.S. Government, are increasingly imposing mandatory cybersecurity measures and controls on their prime contractors and supply chain.  Department of Defense (DoD) contracts awarded since August 2015 include the Defense Federal Acquisition Regulation Supplement (DFARS) Clause 252.204-7012, which requires prime contractors and their suppliers at all tiers to provide "adequate security". 

At a minimum, businesses must implement the National Institute of Standards and Technology (NIST) SP 800-171 on any internal information systems that include “covered defense information” (CDI) by December 31, 2017. 

To have implemented NIST 800-171, a company must have conducted a self-assessment against all 110 controls, and developed a system security plan (SSP) describing how the security requirements are met, and plans of action and milestones (POA&M) on how those controls (not implemented) will  be met. 

DoD may consider how many controls are implemented in making award decisions and otherwise may require companies to implement all NIST SP 800-171 controls."

Creating the SSP and POAM can be complex and time consuming. With CyberStrong, you save hours and weeks of time that you would have spent creating these documents yourself with CyberStrong's automated POAM and SSP export. For every new contract that comes through your door, and for every existing contract, you can submit an updated set of compliance documents showing your proactive cyber resiliency aligned with NIST SP 800-171. 

Your team must also deduce what technologies to aquire to meet each requirement and how much to budget for remediation. CyberStrong's intelligent recommedation engine gives you the lowest cost next steps for NIST 800-171 compliance. Take charge of DFARS compliance with speed, agility, and a shared plan of action that is clear and cost-effective, tailored to your existing and future business.

Read customer stories.. learn how our customers take charge of dfars compliance in-house with speed and agility for the new year.

 

You may also like

Why You Need CIS Controls for ...
on June 17, 2022

The Center for Internet Security (CIS) is a non-profit organization that helps public sectors and private sectors improve their cybersecurity. The organization aims to help small, ...

Small Business Cybersecurity ...
on June 15, 2022

To achieve peace of mind in the modern threat landscape, small business owners must have a solid security strategy and budget in place. VIPRE’s SMB Security Trends report state ...

Do Small Businesses and Startups ...
on June 10, 2022

Did you know that about 60% of small businesses shut down within 6 months by falling victim to a data breach or cyber-attack, where the average global breach cost hovers at $3.62 ...

A Pocket Guide to ISO 27001
on June 9, 2022

Let’s begin with the complete title of what’s referred to as ISO 27001. It is officially known as “ISO/IEC 27001." If you're looking to have your company certified, you'll need to ...

Benefits Of An Automated Security ...
on June 6, 2022

Proactive recognition, remediation, and mitigation of security threats are rising challenges for global businesses today. Security risk assessment is an integral part of this ...

Kyndall Elliott
The Top 5 Automated Risk ...
on June 1, 2022

Automated risk assessment tools help you assess information security risks and related metrics in real-time based on the available data internally and externally. Connecting the ...