<img src="https://ws.zoominfo.com/pixel/4CagHYMZMRWAjWFEK36G" width="1" height="1" style="display: none;">
Request Demo

Audit Management, DFARS, Corporate Compliance and Oversight, Cybersecurity Frameworks

Resources for Suppliers - Northrop Grumman Guidance on DFARS Requirements

down-arrow

Northrop Grumman published guidance for their suppliers entitled 'cybersecurity resources for suppliers. In it, they state the requirements related to DFARS and NIST SP 800-171, specifically the creation of required compliance documents - a System Security Plan and Plan of Actions and Mitigations at a very minimum.

[Learn how our customers have tackled NIST 800-171 in-house and now manage DoD compliance on thier own with a time-efficient, cost-effective plan of action]

"Our customers, including the U.S. Government, are increasingly imposing mandatory cybersecurity measures and controls on their prime contractors and supply chain.  Department of Defense (DoD) contracts awarded since August 2015 include the Defense Federal Acquisition Regulation Supplement (DFARS) Clause 252.204-7012, which requires prime contractors and their suppliers at all tiers to provide "adequate security". 

At a minimum, businesses must implement the National Institute of Standards and Technology (NIST) SP 800-171 on any internal information systems that include “covered defense information” (CDI) by December 31, 2017. 

To have implemented NIST 800-171, a company must have conducted a self-assessment against all 110 controls, and developed a system security plan (SSP) describing how the security requirements are met, and plans of action and milestones (POA&M) on how those controls (not implemented) will  be met. 

DoD may consider how many controls are implemented in making award decisions and otherwise may require companies to implement all NIST SP 800-171 controls."

Creating the SSP and POAM can be complex and time consuming. With CyberStrong, you save hours and weeks of time that you would have spent creating these documents yourself with CyberStrong's automated POAM and SSP export. For every new contract that comes through your door, and for every existing contract, you can submit an updated set of compliance documents showing your proactive cyber resiliency aligned with NIST SP 800-171. 

Your team must also deduce what technologies to aquire to meet each requirement and how much to budget for remediation. CyberStrong's intelligent recommedation engine gives you the lowest cost next steps for NIST 800-171 compliance. Take charge of DFARS compliance with speed, agility, and a shared plan of action that is clear and cost-effective, tailored to your existing and future business.

Read customer stories.. learn how our customers take charge of dfars compliance in-house with speed and agility for the new year.

 

You may also like

How Does FAIR Fit into ...
on September 26, 2022

The Factor Analysis of Information Risk (FAIR) methodology breaks down risk into elements that organizations can compute, understand, analyze and quantify cyber threats and their ...

All-in-One Cybersecurity Board ...
on September 19, 2022

CISOs and Board Members can no longer ignore the importance of cybersecurity. New cyber attacks and threats surface every week and threaten the security of business operations. ...

Rules for Effective Cyber Risk ...
on September 12, 2022

Cybersecurity threats are becoming more challenging for businesses. According to PurpleSec’s Cyber Security Trend Report in 2021, cybercrime surged by 600% during the pandemic, ...

A Pocket Guide to Factor Analysis ...
on September 14, 2022

FAIR, short for Factor Analysis of Information Risk, is a risk quantification methodology founded to help businesses evaluate information risks. FAIR is the only international ...

Your Guide to Cyber Risk ...
on August 30, 2022

During the pandemic, online businesses flourished as people turned to e-commerce stores to shop from the comfort and safety of their homes. This unprecedented expansion of ...

Pros and Cons of Continual ...
on July 22, 2022

The cybersecurity landscape is constantly changing with the hackers that threaten this industry continually advancing their attack techniques. According to the Sophos 2022 Threat ...