Free Cyber Risk Analysis: Your Top Cyber Risks in 3 Clicks

Get Started
Request Demo

Audit Management, DFARS, Corporate Compliance and Oversight, Cybersecurity Frameworks

Resources for Suppliers - Northrop Grumman Guidance on DFARS Requirements

down-arrow

Northrop Grumman published guidance for their suppliers entitled 'cybersecurity resources for suppliers. In it, they state the requirements related to DFARS and NIST SP 800-171, specifically the creation of required compliance documents - a System Security Plan and Plan of Actions and Mitigations at a very minimum.

[Learn how our customers have tackled NIST 800-171 in-house and now manage DoD compliance on thier own with a time-efficient, cost-effective plan of action]

"Our customers, including the U.S. Government, are increasingly imposing mandatory cybersecurity measures and controls on their prime contractors and supply chain.  Department of Defense (DoD) contracts awarded since August 2015 include the Defense Federal Acquisition Regulation Supplement (DFARS) Clause 252.204-7012, which requires prime contractors and their suppliers at all tiers to provide "adequate security". 

At a minimum, businesses must implement the National Institute of Standards and Technology (NIST) SP 800-171 on any internal information systems that include “covered defense information” (CDI) by December 31, 2017. 

To have implemented NIST 800-171, a company must have conducted a self-assessment against all 110 controls, and developed a system security plan (SSP) describing how the security requirements are met, and plans of action and milestones (POA&M) on how those controls (not implemented) will  be met. 

DoD may consider how many controls are implemented in making award decisions and otherwise may require companies to implement all NIST SP 800-171 controls."

Creating the SSP and POAM can be complex and time consuming. With CyberStrong, you save hours and weeks of time that you would have spent creating these documents yourself with CyberStrong's automated POAM and SSP export. For every new contract that comes through your door, and for every existing contract, you can submit an updated set of compliance documents showing your proactive cyber resiliency aligned with NIST SP 800-171. 

Your team must also deduce what technologies to aquire to meet each requirement and how much to budget for remediation. CyberStrong's intelligent recommedation engine gives you the lowest cost next steps for NIST 800-171 compliance. Take charge of DFARS compliance with speed, agility, and a shared plan of action that is clear and cost-effective, tailored to your existing and future business.

Read customer stories.. learn how our customers take charge of dfars compliance in-house with speed and agility for the new year.

 

You may also like

April Product Update
on April 18, 2024

The CyberSaint team is dedicated to providing new features to CyberStrong and advancing the CyberStrong cyber risk management platform to address all your cybersecurity needs. ...

Bridging the Gap: Mastering ...
on April 22, 2024

In today's digital landscape, cybersecurity has become essential to corporate governance. With the increasing frequency and sophistication of cyber threats, the SEC has set forth ...

March Product Update
on March 21, 2024

The CyberSaint team is dedicated to advancing the CyberStrong platform to meet your cyber risk management needs. These latest updates will empower you to benchmark your ...

Empowering Cyber Risk Modeling ...
on March 20, 2024

The practice of cyber risk management is cyclical. You start by assessing your cyber risk environment. That step includes identifying risks and classifying them in buckets. Then, ...

Leveraging the Executive Dashboard ...
on March 27, 2024

In the fast-paced business world, CISOs and C-suite executives constantly juggle multiple responsibilities, from budgeting to strategic planning. However, in today's digital ...

NIST CSF 2.0 Updates in CyberStrong
on April 4, 2024

The National Institute of Standards and Technology’s Cybersecurity Framework (CSF) is known in cybersecurity as the gold standard framework for cybersecurity and risk guidance; it ...