SlideShare a Scribd company logo

CUI & DFARS Compliance Requirements for Contractors

Government Technology & Services Coalition
Government Technology & Services Coalition

This document summarizes information about CUI (Controlled Unclassified Information) and DFARS (Defense Federal Acquisition Regulation Supplement) compliance requirements. It notes that CUI and DFARS compliance is mandated by December 2017 or within 30 days of contract award. It defines CUI and DFARS, outlines 14 security control families required by CUI, and discusses implications of non-compliance including liability risks. Common mistakes made in compliance are also listed, such as not accounting for non-cyber aspects, using a checklist approach, and not involving leadership. Contact information is provided for questions.

Government & Nonprofit
1 of 9
Download to read offline
EmeSec Incorporated ©2017 1 Maria Horton, CISSP-ISSMP GTSC Capacity Building Day Countdown to Compliance CUI & DFARS August 17, 2017
2 We help our clients protect their mission, reputation and their growth engine by harnessing the power of security and compliance within their organization • We are a Security Solutions Company • Cloud Security and Engineering • Regulatory Compliance Services • A FedRAMP accredited 3PAO • Hold 4 ISO certifications: • ISO 9001:2015, • ISO/IEC 20000-1:2011, • ISO/IEC 27001:2013, • ISO/IEC 17020: 2012 EmeSec EmeSec Incorporated ©2017
3 • CUI and DFARS 7012 compliance is mandated • Either December 2017, or within 30 days of contract award • CUI and DFARS applies to all contractors • Prime and their subcontractors • Flow down requirements include 1099 staff as well • High tech and low tech companies CUI – Wow! 135 Days & counting …. EmeSec Incorporated ©2017
• NARA Registry http://www.archives.gov/cui/registry/category-list.html • Federal Acquisition Requirements (FAR) 52.204.21 • Defense Federal Acquisition Regulations Supplement (DFARS) 252.204.7012 • Two key requirements • (1) Adequate Security • (2) Incident Reporting • NIST SP 800-171, Rev. 1 • Published December 2016 • Made SSP a requirement for compliance Oversight & Enforcement • Controlled Unclassified Information (CUI) • Unclassified information that requires safeguarding or dissemination controls • Covered Defense Information (CDI) • Unclassified controlled technical information (CTI) or other information that requires safeguarding or dissemination controls • Covered Contractor System • An information system owned or operated by a contractor that processes, stores, or transmits Federal contract information Definitions What is CUI ? EmeSec Incorporated ©2017 4
5 CUI and DFARS Information Supply Chain Protection EmeSec Incorporated ©2017
• CUI requires compliance with 14 security control families • More complex than presented • NIST SP 800-171, Page v states: • Satisfying these requirements should not be assumed to meet NIST SP 800-53 and FIPS 200 Elements of CUI Compliance EmeSec Incorporated ©2017 Acronym Security Control Family AC Access Control AT Awareness & Training AU Audit & Accountability CM Configuration Management IA Identification & Authentication IR Incident Response MA Maintenance MP Media Protection PE Physical & Environmental PS Personnel Security RA Risk Assessment SA Security Assessment SC System & Communication Protection SI System & Information Integrity
• Why? • Today, every business is a digital business • Every business has third party and supply chain connections • Due diligence is taking the effort to avoid harm or loss through reasonable care Liability almost always comes from not demonstrating due diligence Compliance Due Diligence Liability The implications of non-compliance risks and liabilities to your company EmeSec Incorporated ©2017
8 1. CUI is more than Cyber 2. CUI is about a comprehensive InfoSec 3. CUI isn’t isolated – protect all of your data flow 4. Leadership and accountability is critical to CUI 1. Not accounting for non-cyber 2. Using a Checklist Mentality 3. Light Manufacturing Issues 4. Decision makers not in the process Common Mistakes CUI and DFARS Compliance EmeSec Incorporated ©2017
• Maria Horton, CEO • Phone: 703.429.4492/4491 • Email: info@emesec.net • @EmeSec • @mariahorton Thank you for your time! We would love to hear from you. Contact us for a free CUI primer and Tips Handout! Remember, there is still time to meet the deadline! EmeSec Incorporated ©2017 9

Recommended

How to Comply with NIST 800-171
How to Comply with NIST 800-171How to Comply with NIST 800-171
How to Comply with NIST 800-171Corserva
 
Cybersecurity Summit 2020 Slide Deck
Cybersecurity Summit 2020 Slide DeckCybersecurity Summit 2020 Slide Deck
Cybersecurity Summit 2020 Slide DeckCimetrics Inc
 
[null] Iso 27001 a business view by Sripathi
[null] Iso 27001 a business view by Sripathi[null] Iso 27001 a business view by Sripathi
[null] Iso 27001 a business view by SripathiPrajwal Panchmahalkar
 
Deep secure holistic protection for ICS
Deep secure holistic protection for ICSDeep secure holistic protection for ICS
Deep secure holistic protection for ICSjohnsdeepsecure
 
How to minimize threats in your information system using network segregation?
How to minimize threats in your information system using network segregation? How to minimize threats in your information system using network segregation?
How to minimize threats in your information system using network segregation? PECB
 
CMMC, ISO/IEC 27001, ISO/IEC 27032, and NIST – What You Need to Know
CMMC, ISO/IEC 27001, ISO/IEC 27032, and NIST – What You Need to KnowCMMC, ISO/IEC 27001, ISO/IEC 27032, and NIST – What You Need to Know
CMMC, ISO/IEC 27001, ISO/IEC 27032, and NIST – What You Need to KnowPECB
 
ISO/IEC 27001 vs. CCPA and NYC Shield Act: What Are the Similarities and Diff...
ISO/IEC 27001 vs. CCPA and NYC Shield Act: What Are the Similarities and Diff...ISO/IEC 27001 vs. CCPA and NYC Shield Act: What Are the Similarities and Diff...
ISO/IEC 27001 vs. CCPA and NYC Shield Act: What Are the Similarities and Diff...PECB
 
ISO 27001 - IMPLEMENTATION CONSULTING
ISO 27001 - IMPLEMENTATION CONSULTINGISO 27001 - IMPLEMENTATION CONSULTING
ISO 27001 - IMPLEMENTATION CONSULTINGArul Nambi
 

Recommended

How to Comply with NIST 800-171
How to Comply with NIST 800-171How to Comply with NIST 800-171
How to Comply with NIST 800-171Corserva
 
Cybersecurity Summit 2020 Slide Deck
Cybersecurity Summit 2020 Slide DeckCybersecurity Summit 2020 Slide Deck
Cybersecurity Summit 2020 Slide DeckCimetrics Inc
 
[null] Iso 27001 a business view by Sripathi
[null] Iso 27001 a business view by Sripathi[null] Iso 27001 a business view by Sripathi
[null] Iso 27001 a business view by SripathiPrajwal Panchmahalkar
 
Deep secure holistic protection for ICS
Deep secure holistic protection for ICSDeep secure holistic protection for ICS
Deep secure holistic protection for ICSjohnsdeepsecure
 
How to minimize threats in your information system using network segregation?
How to minimize threats in your information system using network segregation? How to minimize threats in your information system using network segregation?
How to minimize threats in your information system using network segregation? PECB
 
CMMC, ISO/IEC 27001, ISO/IEC 27032, and NIST – What You Need to Know
CMMC, ISO/IEC 27001, ISO/IEC 27032, and NIST – What You Need to KnowCMMC, ISO/IEC 27001, ISO/IEC 27032, and NIST – What You Need to Know
CMMC, ISO/IEC 27001, ISO/IEC 27032, and NIST – What You Need to KnowPECB
 
ISO/IEC 27001 vs. CCPA and NYC Shield Act: What Are the Similarities and Diff...
ISO/IEC 27001 vs. CCPA and NYC Shield Act: What Are the Similarities and Diff...ISO/IEC 27001 vs. CCPA and NYC Shield Act: What Are the Similarities and Diff...
ISO/IEC 27001 vs. CCPA and NYC Shield Act: What Are the Similarities and Diff...PECB
 
ISO 27001 - IMPLEMENTATION CONSULTING
ISO 27001 - IMPLEMENTATION CONSULTINGISO 27001 - IMPLEMENTATION CONSULTING
ISO 27001 - IMPLEMENTATION CONSULTINGArul Nambi
 
ISO/IEC 27032 – Guidelines For Cyber Security
ISO/IEC 27032 – Guidelines For Cyber SecurityISO/IEC 27032 – Guidelines For Cyber Security
ISO/IEC 27032 – Guidelines For Cyber SecurityTharindunuwan9
 
Cybersecurity Summit AHR20 NIST framework Cimetrics
Cybersecurity Summit AHR20 NIST framework CimetricsCybersecurity Summit AHR20 NIST framework Cimetrics
Cybersecurity Summit AHR20 NIST framework CimetricsCimetrics Inc
 
It security iso 27001
It security iso 27001It security iso 27001
It security iso 27001Iris Maaß
 
ISO 27001 Awareness IGN Mantra 2nd Day, 2nd Session.
ISO 27001 Awareness IGN Mantra 2nd Day, 2nd Session.ISO 27001 Awareness IGN Mantra 2nd Day, 2nd Session.
ISO 27001 Awareness IGN Mantra 2nd Day, 2nd Session.IGN MANTRA
 
Iso27001- Nashwan Mustafa
Iso27001- Nashwan MustafaIso27001- Nashwan Mustafa
Iso27001- Nashwan MustafaFahmi Albaheth
 
Full Cybersecurity Regulations Overview for DoD Prime and Subcontractors
Full Cybersecurity Regulations Overview for DoD Prime and SubcontractorsFull Cybersecurity Regulations Overview for DoD Prime and Subcontractors
Full Cybersecurity Regulations Overview for DoD Prime and SubcontractorsIgnyte Assurance Platform
 
ISO 27001 - Information security user awareness training presentation - part 3
ISO 27001 - Information security user awareness training presentation - part 3ISO 27001 - Information security user awareness training presentation - part 3
ISO 27001 - Information security user awareness training presentation - part 3Tanmay Shinde
 
27001 awareness Training
27001 awareness Training27001 awareness Training
27001 awareness TrainingDr Madhu Aman Sharma
 
Information Security Challenges & Opportunities
Information Security Challenges & OpportunitiesInformation Security Challenges & Opportunities
Information Security Challenges & OpportunitiesMuhammad Faisal Naqvi, CISSP, CISA, AMBCI, ITIL, ISMS LA n Master
 
ISO 27001 Training | ISO 27001 Implementation
ISO 27001 Training | ISO 27001 ImplementationISO 27001 Training | ISO 27001 Implementation
ISO 27001 Training | ISO 27001 Implementationhimalya sharma
 
ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?
ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?
ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?PECB
 
Iso iec 27001 foundation training course by interprom
Iso iec 27001 foundation training course by interpromIso iec 27001 foundation training course by interprom
Iso iec 27001 foundation training course by interpromMart Rovers
 
PECB Webinar: Cybersecurity Guidelines – Introduction to ISO 27032
PECB Webinar: Cybersecurity Guidelines – Introduction to ISO 27032PECB Webinar: Cybersecurity Guidelines – Introduction to ISO 27032
PECB Webinar: Cybersecurity Guidelines – Introduction to ISO 27032PECB
 
Improve Cybersecurity posture by using ISO/IEC 27032
Improve Cybersecurity posture by using ISO/IEC 27032Improve Cybersecurity posture by using ISO/IEC 27032
Improve Cybersecurity posture by using ISO/IEC 27032PECB
 
PCI DSS Compliance in the Cloud
PCI DSS Compliance in the CloudPCI DSS Compliance in the Cloud
PCI DSS Compliance in the CloudControlCase
 
ISO 27001 Awareness IGN Mantra 2nd Day, 1st Session.
ISO 27001 Awareness IGN Mantra 2nd Day, 1st Session.ISO 27001 Awareness IGN Mantra 2nd Day, 1st Session.
ISO 27001 Awareness IGN Mantra 2nd Day, 1st Session.IGN MANTRA
 
we45 ISO-27001 Case Study
we45 ISO-27001 Case Studywe45 ISO-27001 Case Study
we45 ISO-27001 Case Studywe45
 
Iso iec 27032 foundation - cybersecurity training course
Iso iec 27032 foundation - cybersecurity training courseIso iec 27032 foundation - cybersecurity training course
Iso iec 27032 foundation - cybersecurity training courseMart Rovers
 
Continuous Compliance Monitoring
Continuous Compliance MonitoringContinuous Compliance Monitoring
Continuous Compliance MonitoringControlCase
 
PECB Webinar: ICS Security Management System using ISO 27001 Standard as the ...
PECB Webinar: ICS Security Management System using ISO 27001 Standard as the ...PECB Webinar: ICS Security Management System using ISO 27001 Standard as the ...
PECB Webinar: ICS Security Management System using ISO 27001 Standard as the ...PECB
 
CSA Presentation - Software Defined Perimeter
CSA Presentation - Software Defined PerimeterCSA Presentation - Software Defined Perimeter
CSA Presentation - Software Defined PerimeterVishwas Manral
 
Cryptzone: What is a Software-Defined Perimeter?
Cryptzone: What is a Software-Defined Perimeter?Cryptzone: What is a Software-Defined Perimeter?
Cryptzone: What is a Software-Defined Perimeter?Cryptzone
 

More Related Content

What's hot

ISO/IEC 27032 – Guidelines For Cyber Security
ISO/IEC 27032 – Guidelines For Cyber SecurityISO/IEC 27032 – Guidelines For Cyber Security
ISO/IEC 27032 – Guidelines For Cyber SecurityTharindunuwan9
 
Cybersecurity Summit AHR20 NIST framework Cimetrics
Cybersecurity Summit AHR20 NIST framework CimetricsCybersecurity Summit AHR20 NIST framework Cimetrics
Cybersecurity Summit AHR20 NIST framework CimetricsCimetrics Inc
 
It security iso 27001
It security iso 27001It security iso 27001
It security iso 27001Iris Maaß
 
ISO 27001 Awareness IGN Mantra 2nd Day, 2nd Session.
ISO 27001 Awareness IGN Mantra 2nd Day, 2nd Session.ISO 27001 Awareness IGN Mantra 2nd Day, 2nd Session.
ISO 27001 Awareness IGN Mantra 2nd Day, 2nd Session.IGN MANTRA
 
Iso27001- Nashwan Mustafa
Iso27001- Nashwan MustafaIso27001- Nashwan Mustafa
Iso27001- Nashwan MustafaFahmi Albaheth
 
Full Cybersecurity Regulations Overview for DoD Prime and Subcontractors
Full Cybersecurity Regulations Overview for DoD Prime and SubcontractorsFull Cybersecurity Regulations Overview for DoD Prime and Subcontractors
Full Cybersecurity Regulations Overview for DoD Prime and SubcontractorsIgnyte Assurance Platform
 
ISO 27001 - Information security user awareness training presentation - part 3
ISO 27001 - Information security user awareness training presentation - part 3ISO 27001 - Information security user awareness training presentation - part 3
ISO 27001 - Information security user awareness training presentation - part 3Tanmay Shinde
 
ISO 27001 Training | ISO 27001 Implementation
ISO 27001 Training | ISO 27001 ImplementationISO 27001 Training | ISO 27001 Implementation
ISO 27001 Training | ISO 27001 Implementationhimalya sharma
 
ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?
ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?
ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?PECB
 
Iso iec 27001 foundation training course by interprom
Iso iec 27001 foundation training course by interpromIso iec 27001 foundation training course by interprom
Iso iec 27001 foundation training course by interpromMart Rovers
 
PECB Webinar: Cybersecurity Guidelines – Introduction to ISO 27032
PECB Webinar: Cybersecurity Guidelines – Introduction to ISO 27032PECB Webinar: Cybersecurity Guidelines – Introduction to ISO 27032
PECB Webinar: Cybersecurity Guidelines – Introduction to ISO 27032PECB
 
Improve Cybersecurity posture by using ISO/IEC 27032
Improve Cybersecurity posture by using ISO/IEC 27032Improve Cybersecurity posture by using ISO/IEC 27032
Improve Cybersecurity posture by using ISO/IEC 27032PECB
 
PCI DSS Compliance in the Cloud
PCI DSS Compliance in the CloudPCI DSS Compliance in the Cloud
PCI DSS Compliance in the CloudControlCase
 
ISO 27001 Awareness IGN Mantra 2nd Day, 1st Session.
ISO 27001 Awareness IGN Mantra 2nd Day, 1st Session.ISO 27001 Awareness IGN Mantra 2nd Day, 1st Session.
ISO 27001 Awareness IGN Mantra 2nd Day, 1st Session.IGN MANTRA
 
we45 ISO-27001 Case Study
we45 ISO-27001 Case Studywe45 ISO-27001 Case Study
we45 ISO-27001 Case Studywe45
 
Iso iec 27032 foundation - cybersecurity training course
Iso iec 27032 foundation - cybersecurity training courseIso iec 27032 foundation - cybersecurity training course
Iso iec 27032 foundation - cybersecurity training courseMart Rovers
 
Continuous Compliance Monitoring
Continuous Compliance MonitoringContinuous Compliance Monitoring
Continuous Compliance MonitoringControlCase
 
PECB Webinar: ICS Security Management System using ISO 27001 Standard as the ...
PECB Webinar: ICS Security Management System using ISO 27001 Standard as the ...PECB Webinar: ICS Security Management System using ISO 27001 Standard as the ...
PECB Webinar: ICS Security Management System using ISO 27001 Standard as the ...PECB
 

What's hot (20)

ISO/IEC 27032 – Guidelines For Cyber Security
ISO/IEC 27032 – Guidelines For Cyber SecurityISO/IEC 27032 – Guidelines For Cyber Security
ISO/IEC 27032 – Guidelines For Cyber Security
 
Cybersecurity Summit AHR20 NIST framework Cimetrics
Cybersecurity Summit AHR20 NIST framework CimetricsCybersecurity Summit AHR20 NIST framework Cimetrics
Cybersecurity Summit AHR20 NIST framework Cimetrics
 
It security iso 27001
It security iso 27001It security iso 27001
It security iso 27001
 
ISO 27001 Awareness IGN Mantra 2nd Day, 2nd Session.
ISO 27001 Awareness IGN Mantra 2nd Day, 2nd Session.ISO 27001 Awareness IGN Mantra 2nd Day, 2nd Session.
ISO 27001 Awareness IGN Mantra 2nd Day, 2nd Session.
 
Iso27001- Nashwan Mustafa
Iso27001- Nashwan MustafaIso27001- Nashwan Mustafa
Iso27001- Nashwan Mustafa
 
Full Cybersecurity Regulations Overview for DoD Prime and Subcontractors
Full Cybersecurity Regulations Overview for DoD Prime and SubcontractorsFull Cybersecurity Regulations Overview for DoD Prime and Subcontractors
Full Cybersecurity Regulations Overview for DoD Prime and Subcontractors
 
ISO 27001 - Information security user awareness training presentation - part 3
ISO 27001 - Information security user awareness training presentation - part 3ISO 27001 - Information security user awareness training presentation - part 3
ISO 27001 - Information security user awareness training presentation - part 3
 
27001 awareness Training
27001 awareness Training27001 awareness Training
27001 awareness Training
 
Information Security Challenges & Opportunities
Information Security Challenges & OpportunitiesInformation Security Challenges & Opportunities
Information Security Challenges & Opportunities
 
ISO 27001 Training | ISO 27001 Implementation
ISO 27001 Training | ISO 27001 ImplementationISO 27001 Training | ISO 27001 Implementation
ISO 27001 Training | ISO 27001 Implementation
 
ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?
ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?
ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?
 
Iso iec 27001 foundation training course by interprom
Iso iec 27001 foundation training course by interpromIso iec 27001 foundation training course by interprom
Iso iec 27001 foundation training course by interprom
 
PECB Webinar: Cybersecurity Guidelines – Introduction to ISO 27032
PECB Webinar: Cybersecurity Guidelines – Introduction to ISO 27032PECB Webinar: Cybersecurity Guidelines – Introduction to ISO 27032
PECB Webinar: Cybersecurity Guidelines – Introduction to ISO 27032
 
Improve Cybersecurity posture by using ISO/IEC 27032
Improve Cybersecurity posture by using ISO/IEC 27032Improve Cybersecurity posture by using ISO/IEC 27032
Improve Cybersecurity posture by using ISO/IEC 27032
 
PCI DSS Compliance in the Cloud
PCI DSS Compliance in the CloudPCI DSS Compliance in the Cloud
PCI DSS Compliance in the Cloud
 
ISO 27001 Awareness IGN Mantra 2nd Day, 1st Session.
ISO 27001 Awareness IGN Mantra 2nd Day, 1st Session.ISO 27001 Awareness IGN Mantra 2nd Day, 1st Session.
ISO 27001 Awareness IGN Mantra 2nd Day, 1st Session.
 
we45 ISO-27001 Case Study
we45 ISO-27001 Case Studywe45 ISO-27001 Case Study
we45 ISO-27001 Case Study
 
Iso iec 27032 foundation - cybersecurity training course
Iso iec 27032 foundation - cybersecurity training courseIso iec 27032 foundation - cybersecurity training course
Iso iec 27032 foundation - cybersecurity training course
 
Continuous Compliance Monitoring
Continuous Compliance MonitoringContinuous Compliance Monitoring
Continuous Compliance Monitoring
 
PECB Webinar: ICS Security Management System using ISO 27001 Standard as the ...
PECB Webinar: ICS Security Management System using ISO 27001 Standard as the ...PECB Webinar: ICS Security Management System using ISO 27001 Standard as the ...
PECB Webinar: ICS Security Management System using ISO 27001 Standard as the ...
 

Viewers also liked

CSA Presentation - Software Defined Perimeter
CSA Presentation - Software Defined PerimeterCSA Presentation - Software Defined Perimeter
CSA Presentation - Software Defined PerimeterVishwas Manral
 
Cryptzone: What is a Software-Defined Perimeter?
Cryptzone: What is a Software-Defined Perimeter?Cryptzone: What is a Software-Defined Perimeter?
Cryptzone: What is a Software-Defined Perimeter?Cryptzone
 
Software Defined Perimeter - A New Paradigm for Securing Digital Infrastructu...
Software Defined Perimeter - A New Paradigm for Securing Digital Infrastructu...Software Defined Perimeter - A New Paradigm for Securing Digital Infrastructu...
Software Defined Perimeter - A New Paradigm for Securing Digital Infrastructu...Government Technology & Services Coalition
 
Blockchain Defined Perimeter (BDP) - Maximum cybersecurity for critical syste...
Blockchain Defined Perimeter (BDP) - Maximum cybersecurity for critical syste...Blockchain Defined Perimeter (BDP) - Maximum cybersecurity for critical syste...
Blockchain Defined Perimeter (BDP) - Maximum cybersecurity for critical syste...Floyd DCosta
 
AWS Cost Optimisation Best Practices Webinar
AWS Cost Optimisation Best Practices WebinarAWS Cost Optimisation Best Practices Webinar
AWS Cost Optimisation Best Practices WebinarAmazon Web Services
 
It's Time the Data Center Gets the "Moneyball" Treatment
It's Time the Data Center Gets the "Moneyball" TreatmentIt's Time the Data Center Gets the "Moneyball" Treatment
It's Time the Data Center Gets the "Moneyball" TreatmentTeamQuest Corporation
 
Making the most of your constrained resources optimizing resource allocation ...
Making the most of your constrained resources optimizing resource allocation ...Making the most of your constrained resources optimizing resource allocation ...
Making the most of your constrained resources optimizing resource allocation ...Productivity Intelligence Institute
 
Top 5 Ways to Optimize for Cost Efficiency with the Cloud
Top 5 Ways to Optimize for Cost Efficiency with the CloudTop 5 Ways to Optimize for Cost Efficiency with the Cloud
Top 5 Ways to Optimize for Cost Efficiency with the CloudAmazon Web Services
 
Running Lean Architectures: How to Optimize for Cost Efficiency
Running Lean Architectures: How to Optimize for Cost Efficiency Running Lean Architectures: How to Optimize for Cost Efficiency
Running Lean Architectures: How to Optimize for Cost Efficiency Amazon Web Services
 
CMG2013 Workshop: Netflix Cloud Native, Capacity, Performance and Cost Optimi...
CMG2013 Workshop: Netflix Cloud Native, Capacity, Performance and Cost Optimi...CMG2013 Workshop: Netflix Cloud Native, Capacity, Performance and Cost Optimi...
CMG2013 Workshop: Netflix Cloud Native, Capacity, Performance and Cost Optimi...Adrian Cockcroft
 

Viewers also liked (11)

CSA Presentation - Software Defined Perimeter
CSA Presentation - Software Defined PerimeterCSA Presentation - Software Defined Perimeter
CSA Presentation - Software Defined Perimeter
 
Cryptzone: What is a Software-Defined Perimeter?
Cryptzone: What is a Software-Defined Perimeter?Cryptzone: What is a Software-Defined Perimeter?
Cryptzone: What is a Software-Defined Perimeter?
 
Software Defined Perimeter - A New Paradigm for Securing Digital Infrastructu...
Software Defined Perimeter - A New Paradigm for Securing Digital Infrastructu...Software Defined Perimeter - A New Paradigm for Securing Digital Infrastructu...
Software Defined Perimeter - A New Paradigm for Securing Digital Infrastructu...
 
Blockchain Defined Perimeter (BDP) - Maximum cybersecurity for critical syste...
Blockchain Defined Perimeter (BDP) - Maximum cybersecurity for critical syste...Blockchain Defined Perimeter (BDP) - Maximum cybersecurity for critical syste...
Blockchain Defined Perimeter (BDP) - Maximum cybersecurity for critical syste...
 
AWS Cost Optimisation Best Practices Webinar
AWS Cost Optimisation Best Practices WebinarAWS Cost Optimisation Best Practices Webinar
AWS Cost Optimisation Best Practices Webinar
 
Resource Optimization Strategy and Innovation
Resource Optimization Strategy and Innovation Resource Optimization Strategy and Innovation
Resource Optimization Strategy and Innovation
 
It's Time the Data Center Gets the "Moneyball" Treatment
It's Time the Data Center Gets the "Moneyball" TreatmentIt's Time the Data Center Gets the "Moneyball" Treatment
It's Time the Data Center Gets the "Moneyball" Treatment
 
Making the most of your constrained resources optimizing resource allocation ...
Making the most of your constrained resources optimizing resource allocation ...Making the most of your constrained resources optimizing resource allocation ...
Making the most of your constrained resources optimizing resource allocation ...
 
Top 5 Ways to Optimize for Cost Efficiency with the Cloud
Top 5 Ways to Optimize for Cost Efficiency with the CloudTop 5 Ways to Optimize for Cost Efficiency with the Cloud
Top 5 Ways to Optimize for Cost Efficiency with the Cloud
 
Running Lean Architectures: How to Optimize for Cost Efficiency
Running Lean Architectures: How to Optimize for Cost Efficiency Running Lean Architectures: How to Optimize for Cost Efficiency
Running Lean Architectures: How to Optimize for Cost Efficiency
 
CMG2013 Workshop: Netflix Cloud Native, Capacity, Performance and Cost Optimi...
CMG2013 Workshop: Netflix Cloud Native, Capacity, Performance and Cost Optimi...CMG2013 Workshop: Netflix Cloud Native, Capacity, Performance and Cost Optimi...
CMG2013 Workshop: Netflix Cloud Native, Capacity, Performance and Cost Optimi...
 

Similar to CUI & DFARS Compliance Requirements for Contractors

ISO 27001 In The Age Of Privacy
ISO 27001 In The Age Of PrivacyISO 27001 In The Age Of Privacy
ISO 27001 In The Age Of PrivacyControlCase
 
IT governance and Information System Security
IT governance and Information System SecurityIT governance and Information System Security
IT governance and Information System SecurityCSSRL PUNE
 
2022-Q3-Webinar-PPT-DataProtectionByDesign.pdf
2022-Q3-Webinar-PPT-DataProtectionByDesign.pdf2022-Q3-Webinar-PPT-DataProtectionByDesign.pdf
2022-Q3-Webinar-PPT-DataProtectionByDesign.pdfControlCase
 
Maintaining Data Privacy with Ashish Kirtikar
Maintaining Data Privacy with Ashish KirtikarMaintaining Data Privacy with Ashish Kirtikar
Maintaining Data Privacy with Ashish KirtikarControlCase
 
CMMC 2.0 | What the changes mean for organizations in the DIB
CMMC 2.0 | What the changes mean for organizations in the DIBCMMC 2.0 | What the changes mean for organizations in the DIB
CMMC 2.0 | What the changes mean for organizations in the DIBIgnyte Assurance Platform
 
IT Risk Management & Compliance
IT Risk Management & ComplianceIT Risk Management & Compliance
IT Risk Management & Compliancerhanna11
 
What is the UK Cyber Essentials scheme?
What is the UK Cyber Essentials scheme?What is the UK Cyber Essentials scheme?
What is the UK Cyber Essentials scheme?IT Governance Ltd
 
Cobit 5 for information security
Cobit 5 for information securityCobit 5 for information security
Cobit 5 for information securityElkanouni Mohamed
 
Global CCISO Forum 2018 | Anthony Dupree "Evolving Role of the CISO: Reshapin...
Global CCISO Forum 2018 | Anthony Dupree "Evolving Role of the CISO: Reshapin...Global CCISO Forum 2018 | Anthony Dupree "Evolving Role of the CISO: Reshapin...
Global CCISO Forum 2018 | Anthony Dupree "Evolving Role of the CISO: Reshapin...EC-Council
 
How to determine a proper scope selection based on ISO 27001?
How to determine a proper scope selection based on ISO 27001?How to determine a proper scope selection based on ISO 27001?
How to determine a proper scope selection based on ISO 27001?PECB
 
Security in Mergers and Acquisitions - NTT Security - Miriam Levenstein
Security in Mergers and Acquisitions - NTT Security - Miriam LevensteinSecurity in Mergers and Acquisitions - NTT Security - Miriam Levenstein
Security in Mergers and Acquisitions - NTT Security - Miriam LevensteinMiriam L
 
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness Training
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness TrainingISO/IEC 27001:2022 (Information Security Management Systems) Awareness Training
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness TrainingOperational Excellence Consulting
 
Infocon Bangladesh 2016
Infocon Bangladesh 2016Infocon Bangladesh 2016
Infocon Bangladesh 2016Prime Infoserv
 
NQA Your Risk Assurance Partner
NQA Your Risk Assurance PartnerNQA Your Risk Assurance Partner
NQA Your Risk Assurance PartnerNQA
 
Achieving ISO 27001 Certification.pdf
Achieving ISO 27001 Certification.pdfAchieving ISO 27001 Certification.pdf
Achieving ISO 27001 Certification.pdfmicroteklearning21
 
Securium Solutions: Empowering Online Certification Training in Cyber Securit...
Securium Solutions: Empowering Online Certification Training in Cyber Securit...Securium Solutions: Empowering Online Certification Training in Cyber Securit...
Securium Solutions: Empowering Online Certification Training in Cyber Securit...Securium Solutions
 
SECURIUM-SOLUTIONS Best VAPT Security Company
SECURIUM-SOLUTIONS Best VAPT Security CompanySECURIUM-SOLUTIONS Best VAPT Security Company
SECURIUM-SOLUTIONS Best VAPT Security Companykeshavsecurium
 
Best Vapt Security Company Securium Solu
Best Vapt Security Company Securium SoluBest Vapt Security Company Securium Solu
Best Vapt Security Company Securium Solukeshavsecurium
 

Similar to CUI & DFARS Compliance Requirements for Contractors (20)

ISO 27001 In The Age Of Privacy
ISO 27001 In The Age Of PrivacyISO 27001 In The Age Of Privacy
ISO 27001 In The Age Of Privacy
 
IT governance and Information System Security
IT governance and Information System SecurityIT governance and Information System Security
IT governance and Information System Security
 
2022-Q3-Webinar-PPT-DataProtectionByDesign.pdf
2022-Q3-Webinar-PPT-DataProtectionByDesign.pdf2022-Q3-Webinar-PPT-DataProtectionByDesign.pdf
2022-Q3-Webinar-PPT-DataProtectionByDesign.pdf
 
Maintaining Data Privacy with Ashish Kirtikar
Maintaining Data Privacy with Ashish KirtikarMaintaining Data Privacy with Ashish Kirtikar
Maintaining Data Privacy with Ashish Kirtikar
 
CMMC 2.0 | What the changes mean for organizations in the DIB
CMMC 2.0 | What the changes mean for organizations in the DIBCMMC 2.0 | What the changes mean for organizations in the DIB
CMMC 2.0 | What the changes mean for organizations in the DIB
 
IT Risk Management & Compliance
IT Risk Management & ComplianceIT Risk Management & Compliance
IT Risk Management & Compliance
 
What is the UK Cyber Essentials scheme?
What is the UK Cyber Essentials scheme?What is the UK Cyber Essentials scheme?
What is the UK Cyber Essentials scheme?
 
Cobit 5 for information security
Cobit 5 for information securityCobit 5 for information security
Cobit 5 for information security
 
Global CCISO Forum 2018 | Anthony Dupree "Evolving Role of the CISO: Reshapin...
Global CCISO Forum 2018 | Anthony Dupree "Evolving Role of the CISO: Reshapin...Global CCISO Forum 2018 | Anthony Dupree "Evolving Role of the CISO: Reshapin...
Global CCISO Forum 2018 | Anthony Dupree "Evolving Role of the CISO: Reshapin...
 
How to determine a proper scope selection based on ISO 27001?
How to determine a proper scope selection based on ISO 27001?How to determine a proper scope selection based on ISO 27001?
How to determine a proper scope selection based on ISO 27001?
 
What is iso 27001 isms
What is iso 27001 ismsWhat is iso 27001 isms
What is iso 27001 isms
 
Security in Mergers and Acquisitions - NTT Security - Miriam Levenstein
Security in Mergers and Acquisitions - NTT Security - Miriam LevensteinSecurity in Mergers and Acquisitions - NTT Security - Miriam Levenstein
Security in Mergers and Acquisitions - NTT Security - Miriam Levenstein
 
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness Training
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness TrainingISO/IEC 27001:2022 (Information Security Management Systems) Awareness Training
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness Training
 
Infocon Bangladesh 2016
Infocon Bangladesh 2016Infocon Bangladesh 2016
Infocon Bangladesh 2016
 
NQA Your Risk Assurance Partner
NQA Your Risk Assurance PartnerNQA Your Risk Assurance Partner
NQA Your Risk Assurance Partner
 
Achieving ISO 27001 Certification.pdf
Achieving ISO 27001 Certification.pdfAchieving ISO 27001 Certification.pdf
Achieving ISO 27001 Certification.pdf
 
Securium Solutions: Empowering Online Certification Training in Cyber Securit...
Securium Solutions: Empowering Online Certification Training in Cyber Securit...Securium Solutions: Empowering Online Certification Training in Cyber Securit...
Securium Solutions: Empowering Online Certification Training in Cyber Securit...
 
Securim Solutions Pvt Ltd
Securim Solutions Pvt LtdSecurim Solutions Pvt Ltd
Securim Solutions Pvt Ltd
 
SECURIUM-SOLUTIONS Best VAPT Security Company
SECURIUM-SOLUTIONS Best VAPT Security CompanySECURIUM-SOLUTIONS Best VAPT Security Company
SECURIUM-SOLUTIONS Best VAPT Security Company
 
Best Vapt Security Company Securium Solu
Best Vapt Security Company Securium SoluBest Vapt Security Company Securium Solu
Best Vapt Security Company Securium Solu
 

More from Government Technology & Services Coalition

More from Government Technology & Services Coalition (20)

GTSC 2020 Annual Report
GTSC 2020 Annual ReportGTSC 2020 Annual Report
GTSC 2020 Annual Report
 
USBP pmod singleton gtsc bde-brief-20200219
USBP pmod singleton gtsc bde-brief-20200219USBP pmod singleton gtsc bde-brief-20200219
USBP pmod singleton gtsc bde-brief-20200219
 
GTSC Annual Report 2019
GTSC Annual Report 2019GTSC Annual Report 2019
GTSC Annual Report 2019
 
ESBG 2/14/2020
ESBG 2/14/2020ESBG 2/14/2020
ESBG 2/14/2020
 
ESBG 2/14/2020
ESBG 2/14/2020ESBG 2/14/2020
ESBG 2/14/2020
 
GTSC 2019 Annual Report
GTSC 2019 Annual ReportGTSC 2019 Annual Report
GTSC 2019 Annual Report
 
TSA's Innovation Task Force
TSA's Innovation Task ForceTSA's Innovation Task Force
TSA's Innovation Task Force
 
GTSC's Annual Report 2018
GTSC's Annual Report 2018GTSC's Annual Report 2018
GTSC's Annual Report 2018
 
GTSC's CBP Day 2019
GTSC's CBP Day 2019GTSC's CBP Day 2019
GTSC's CBP Day 2019
 
GTSC Transportation Security Day Enhancing partnerships with TSA
GTSC Transportation Security Day Enhancing partnerships with TSAGTSC Transportation Security Day Enhancing partnerships with TSA
GTSC Transportation Security Day Enhancing partnerships with TSA
 
GTSC Transportation Security Day - Enterprise Support
GTSC Transportation Security Day - Enterprise SupportGTSC Transportation Security Day - Enterprise Support
GTSC Transportation Security Day - Enterprise Support
 
GTSC Maritime & Port Security Day 2019
GTSC Maritime & Port Security Day 2019GTSC Maritime & Port Security Day 2019
GTSC Maritime & Port Security Day 2019
 
GTSC IRS Day 2019 - Criminal Investigations - Eric Hylton and Panel
GTSC IRS Day 2019 - Criminal Investigations - Eric Hylton and PanelGTSC IRS Day 2019 - Criminal Investigations - Eric Hylton and Panel
GTSC IRS Day 2019 - Criminal Investigations - Eric Hylton and Panel
 
GTSC IRS Day 2019 - Online Services at IRS - Maria Cheeks
GTSC IRS Day 2019 - Online Services at IRS - Maria CheeksGTSC IRS Day 2019 - Online Services at IRS - Maria Cheeks
GTSC IRS Day 2019 - Online Services at IRS - Maria Cheeks
 
GTSC Day Feb 28 2019 power point
GTSC Day Feb 28 2019 power pointGTSC Day Feb 28 2019 power point
GTSC Day Feb 28 2019 power point
 
GTSC Annual Report 2018
GTSC Annual Report 2018GTSC Annual Report 2018
GTSC Annual Report 2018
 
GTSC CBP Day 2018 - Roland Suliveras Slides
GTSC CBP Day 2018 - Roland Suliveras SlidesGTSC CBP Day 2018 - Roland Suliveras Slides
GTSC CBP Day 2018 - Roland Suliveras Slides
 
CBP Day 2018 - Samuel Grable Slides
CBP Day 2018 - Samuel Grable SlidesCBP Day 2018 - Samuel Grable Slides
CBP Day 2018 - Samuel Grable Slides
 
Jose Bonilla ORCA Panel GTSC's TSA Day 2018
Jose Bonilla ORCA Panel GTSC's TSA Day 2018Jose Bonilla ORCA Panel GTSC's TSA Day 2018
Jose Bonilla ORCA Panel GTSC's TSA Day 2018
 
DHS HQ Day 2018 - Barry West
DHS HQ Day 2018 - Barry WestDHS HQ Day 2018 - Barry West
DHS HQ Day 2018 - Barry West
 

Recently uploaded

The U.S. Budget and Economic Outlook (Presentation)
The U.S. Budget and Economic Outlook (Presentation)The U.S. Budget and Economic Outlook (Presentation)
The U.S. Budget and Economic Outlook (Presentation)Congressional Budget Office
 
2024 Zoom Reinstein Legacy Asbestos Webinar
2024 Zoom Reinstein Legacy Asbestos Webinar2024 Zoom Reinstein Legacy Asbestos Webinar
2024 Zoom Reinstein Legacy Asbestos WebinarLinda Reinstein
 
Call On 6297143586 Viman Nagar Call Girls In All Pune 24/7 Provide Call With...
Call On 6297143586 Viman Nagar Call Girls In All Pune 24/7 Provide Call With...Call On 6297143586 Viman Nagar Call Girls In All Pune 24/7 Provide Call With...
Call On 6297143586 Viman Nagar Call Girls In All Pune 24/7 Provide Call With...tanu pandey
 
(SUHANI) Call Girls Pimple Saudagar ( 7001035870 ) HI-Fi Pune Escorts Service
(SUHANI) Call Girls Pimple Saudagar ( 7001035870 ) HI-Fi Pune Escorts Service(SUHANI) Call Girls Pimple Saudagar ( 7001035870 ) HI-Fi Pune Escorts Service
(SUHANI) Call Girls Pimple Saudagar ( 7001035870 ) HI-Fi Pune Escorts Serviceranjana rawat
 
Lucknow 💋 Russian Call Girls Lucknow ₹7.5k Pick Up & Drop With Cash Payment 8...
Lucknow 💋 Russian Call Girls Lucknow ₹7.5k Pick Up & Drop With Cash Payment 8...Lucknow 💋 Russian Call Girls Lucknow ₹7.5k Pick Up & Drop With Cash Payment 8...
Lucknow 💋 Russian Call Girls Lucknow ₹7.5k Pick Up & Drop With Cash Payment 8...anilsa9823
 
Junnar ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...
Junnar ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...Junnar ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...
Junnar ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...tanu pandey
 
2024: The FAR, Federal Acquisition Regulations - Part 28
2024: The FAR, Federal Acquisition Regulations - Part 282024: The FAR, Federal Acquisition Regulations - Part 28
2024: The FAR, Federal Acquisition Regulations - Part 28JSchaus & Associates
 
Just Call Vip call girls Wardha Escorts ☎️8617370543 Starting From 5K to 25K ...
Just Call Vip call girls Wardha Escorts ☎️8617370543 Starting From 5K to 25K ...Just Call Vip call girls Wardha Escorts ☎️8617370543 Starting From 5K to 25K ...
Just Call Vip call girls Wardha Escorts ☎️8617370543 Starting From 5K to 25K ...Dipal Arora
 
Fair Trash Reduction - West Hartford, CT
Fair Trash Reduction - West Hartford, CTFair Trash Reduction - West Hartford, CT
Fair Trash Reduction - West Hartford, CTaccounts329278
 
PPT Item # 4 - 231 Encino Ave (Significance Only)
PPT Item # 4 - 231 Encino Ave (Significance Only)PPT Item # 4 - 231 Encino Ave (Significance Only)
PPT Item # 4 - 231 Encino Ave (Significance Only)ahcitycouncil
 
CBO’s Recent Appeals for New Research on Health-Related Topics
CBO’s Recent Appeals for New Research on Health-Related TopicsCBO’s Recent Appeals for New Research on Health-Related Topics
CBO’s Recent Appeals for New Research on Health-Related TopicsCongressional Budget Office
 
Night 7k to 12k Call Girls Service In Navi Mumbai 👉 BOOK NOW 9833363713 👈 ♀️...
Night 7k to 12k Call Girls Service In Navi Mumbai 👉 BOOK NOW 9833363713 👈 ♀️...Night 7k to 12k Call Girls Service In Navi Mumbai 👉 BOOK NOW 9833363713 👈 ♀️...
Night 7k to 12k Call Girls Service In Navi Mumbai 👉 BOOK NOW 9833363713 👈 ♀️...aartirawatdelhi
 
The Most Attractive Pune Call Girls Handewadi Road 8250192130 Will You Miss T...
The Most Attractive Pune Call Girls Handewadi Road 8250192130 Will You Miss T...The Most Attractive Pune Call Girls Handewadi Road 8250192130 Will You Miss T...
The Most Attractive Pune Call Girls Handewadi Road 8250192130 Will You Miss T...ranjana rawat
 
Top Rated Pune Call Girls Hadapsar ⟟ 6297143586 ⟟ Call Me For Genuine Sex Se...
Top Rated Pune Call Girls Hadapsar ⟟ 6297143586 ⟟ Call Me For Genuine Sex Se...Top Rated Pune Call Girls Hadapsar ⟟ 6297143586 ⟟ Call Me For Genuine Sex Se...
Top Rated Pune Call Girls Hadapsar ⟟ 6297143586 ⟟ Call Me For Genuine Sex Se...Call Girls in Nagpur High Profile
 
##9711199012 Call Girls Delhi Rs-5000 UpTo 10 K Hauz Khas Whats Up Number
##9711199012 Call Girls Delhi Rs-5000 UpTo 10 K Hauz Khas Whats Up Number##9711199012 Call Girls Delhi Rs-5000 UpTo 10 K Hauz Khas Whats Up Number
##9711199012 Call Girls Delhi Rs-5000 UpTo 10 K Hauz Khas Whats Up NumberMs Riya
 
Call Girls Chakan Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Chakan Call Me 7737669865 Budget Friendly No Advance BookingCall Girls Chakan Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Chakan Call Me 7737669865 Budget Friendly No Advance Bookingroncy bisnoi
 
Item # 4 - 231 Encino Ave (Significance Only).pdf
Item # 4 - 231 Encino Ave (Significance Only).pdfItem # 4 - 231 Encino Ave (Significance Only).pdf
Item # 4 - 231 Encino Ave (Significance Only).pdfahcitycouncil
 
EDUROOT SME_ Performance upto March-2024.pptx
EDUROOT SME_ Performance upto March-2024.pptxEDUROOT SME_ Performance upto March-2024.pptx
EDUROOT SME_ Performance upto March-2024.pptxaaryamanorathofficia
 
Expressive clarity oral presentation.pptx
Expressive clarity oral presentation.pptxExpressive clarity oral presentation.pptx
Expressive clarity oral presentation.pptxtsionhagos36
 

Recently uploaded (20)

The U.S. Budget and Economic Outlook (Presentation)
The U.S. Budget and Economic Outlook (Presentation)The U.S. Budget and Economic Outlook (Presentation)
The U.S. Budget and Economic Outlook (Presentation)
 
2024 Zoom Reinstein Legacy Asbestos Webinar
2024 Zoom Reinstein Legacy Asbestos Webinar2024 Zoom Reinstein Legacy Asbestos Webinar
2024 Zoom Reinstein Legacy Asbestos Webinar
 
Call On 6297143586 Viman Nagar Call Girls In All Pune 24/7 Provide Call With...
Call On 6297143586 Viman Nagar Call Girls In All Pune 24/7 Provide Call With...Call On 6297143586 Viman Nagar Call Girls In All Pune 24/7 Provide Call With...
Call On 6297143586 Viman Nagar Call Girls In All Pune 24/7 Provide Call With...
 
(SUHANI) Call Girls Pimple Saudagar ( 7001035870 ) HI-Fi Pune Escorts Service
(SUHANI) Call Girls Pimple Saudagar ( 7001035870 ) HI-Fi Pune Escorts Service(SUHANI) Call Girls Pimple Saudagar ( 7001035870 ) HI-Fi Pune Escorts Service
(SUHANI) Call Girls Pimple Saudagar ( 7001035870 ) HI-Fi Pune Escorts Service
 
Lucknow 💋 Russian Call Girls Lucknow ₹7.5k Pick Up & Drop With Cash Payment 8...
Lucknow 💋 Russian Call Girls Lucknow ₹7.5k Pick Up & Drop With Cash Payment 8...Lucknow 💋 Russian Call Girls Lucknow ₹7.5k Pick Up & Drop With Cash Payment 8...
Lucknow 💋 Russian Call Girls Lucknow ₹7.5k Pick Up & Drop With Cash Payment 8...
 
Junnar ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...
Junnar ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...Junnar ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...
Junnar ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...
 
2024: The FAR, Federal Acquisition Regulations - Part 28
2024: The FAR, Federal Acquisition Regulations - Part 282024: The FAR, Federal Acquisition Regulations - Part 28
2024: The FAR, Federal Acquisition Regulations - Part 28
 
Just Call Vip call girls Wardha Escorts ☎️8617370543 Starting From 5K to 25K ...
Just Call Vip call girls Wardha Escorts ☎️8617370543 Starting From 5K to 25K ...Just Call Vip call girls Wardha Escorts ☎️8617370543 Starting From 5K to 25K ...
Just Call Vip call girls Wardha Escorts ☎️8617370543 Starting From 5K to 25K ...
 
Fair Trash Reduction - West Hartford, CT
Fair Trash Reduction - West Hartford, CTFair Trash Reduction - West Hartford, CT
Fair Trash Reduction - West Hartford, CT
 
PPT Item # 4 - 231 Encino Ave (Significance Only)
PPT Item # 4 - 231 Encino Ave (Significance Only)PPT Item # 4 - 231 Encino Ave (Significance Only)
PPT Item # 4 - 231 Encino Ave (Significance Only)
 
CBO’s Recent Appeals for New Research on Health-Related Topics
CBO’s Recent Appeals for New Research on Health-Related TopicsCBO’s Recent Appeals for New Research on Health-Related Topics
CBO’s Recent Appeals for New Research on Health-Related Topics
 
Night 7k to 12k Call Girls Service In Navi Mumbai 👉 BOOK NOW 9833363713 👈 ♀️...
Night 7k to 12k Call Girls Service In Navi Mumbai 👉 BOOK NOW 9833363713 👈 ♀️...Night 7k to 12k Call Girls Service In Navi Mumbai 👉 BOOK NOW 9833363713 👈 ♀️...
Night 7k to 12k Call Girls Service In Navi Mumbai 👉 BOOK NOW 9833363713 👈 ♀️...
 
Delhi Russian Call Girls In Connaught Place ➡️9999965857 India's Finest Model...
Delhi Russian Call Girls In Connaught Place ➡️9999965857 India's Finest Model...Delhi Russian Call Girls In Connaught Place ➡️9999965857 India's Finest Model...
Delhi Russian Call Girls In Connaught Place ➡️9999965857 India's Finest Model...
 
The Most Attractive Pune Call Girls Handewadi Road 8250192130 Will You Miss T...
The Most Attractive Pune Call Girls Handewadi Road 8250192130 Will You Miss T...The Most Attractive Pune Call Girls Handewadi Road 8250192130 Will You Miss T...
The Most Attractive Pune Call Girls Handewadi Road 8250192130 Will You Miss T...
 
Top Rated Pune Call Girls Hadapsar ⟟ 6297143586 ⟟ Call Me For Genuine Sex Se...
Top Rated Pune Call Girls Hadapsar ⟟ 6297143586 ⟟ Call Me For Genuine Sex Se...Top Rated Pune Call Girls Hadapsar ⟟ 6297143586 ⟟ Call Me For Genuine Sex Se...
Top Rated Pune Call Girls Hadapsar ⟟ 6297143586 ⟟ Call Me For Genuine Sex Se...
 
##9711199012 Call Girls Delhi Rs-5000 UpTo 10 K Hauz Khas Whats Up Number
##9711199012 Call Girls Delhi Rs-5000 UpTo 10 K Hauz Khas Whats Up Number##9711199012 Call Girls Delhi Rs-5000 UpTo 10 K Hauz Khas Whats Up Number
##9711199012 Call Girls Delhi Rs-5000 UpTo 10 K Hauz Khas Whats Up Number
 
Call Girls Chakan Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Chakan Call Me 7737669865 Budget Friendly No Advance BookingCall Girls Chakan Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Chakan Call Me 7737669865 Budget Friendly No Advance Booking
 
Item # 4 - 231 Encino Ave (Significance Only).pdf
Item # 4 - 231 Encino Ave (Significance Only).pdfItem # 4 - 231 Encino Ave (Significance Only).pdf
Item # 4 - 231 Encino Ave (Significance Only).pdf
 
EDUROOT SME_ Performance upto March-2024.pptx
EDUROOT SME_ Performance upto March-2024.pptxEDUROOT SME_ Performance upto March-2024.pptx
EDUROOT SME_ Performance upto March-2024.pptx
 
Expressive clarity oral presentation.pptx
Expressive clarity oral presentation.pptxExpressive clarity oral presentation.pptx
Expressive clarity oral presentation.pptx
 

CUI & DFARS Compliance Requirements for Contractors

  • 1. EmeSec Incorporated ©2017 1 Maria Horton, CISSP-ISSMP GTSC Capacity Building Day Countdown to Compliance CUI & DFARS August 17, 2017
  • 2. 2 We help our clients protect their mission, reputation and their growth engine by harnessing the power of security and compliance within their organization • We are a Security Solutions Company • Cloud Security and Engineering • Regulatory Compliance Services • A FedRAMP accredited 3PAO • Hold 4 ISO certifications: • ISO 9001:2015, • ISO/IEC 20000-1:2011, • ISO/IEC 27001:2013, • ISO/IEC 17020: 2012 EmeSec EmeSec Incorporated ©2017
  • 3. 3 • CUI and DFARS 7012 compliance is mandated • Either December 2017, or within 30 days of contract award • CUI and DFARS applies to all contractors • Prime and their subcontractors • Flow down requirements include 1099 staff as well • High tech and low tech companies CUI – Wow! 135 Days & counting …. EmeSec Incorporated ©2017
  • 4. • NARA Registry http://www.archives.gov/cui/registry/category-list.html • Federal Acquisition Requirements (FAR) 52.204.21 • Defense Federal Acquisition Regulations Supplement (DFARS) 252.204.7012 • Two key requirements • (1) Adequate Security • (2) Incident Reporting • NIST SP 800-171, Rev. 1 • Published December 2016 • Made SSP a requirement for compliance Oversight & Enforcement • Controlled Unclassified Information (CUI) • Unclassified information that requires safeguarding or dissemination controls • Covered Defense Information (CDI) • Unclassified controlled technical information (CTI) or other information that requires safeguarding or dissemination controls • Covered Contractor System • An information system owned or operated by a contractor that processes, stores, or transmits Federal contract information Definitions What is CUI ? EmeSec Incorporated ©2017 4
  • 5. 5 CUI and DFARS Information Supply Chain Protection EmeSec Incorporated ©2017
  • 6. • CUI requires compliance with 14 security control families • More complex than presented • NIST SP 800-171, Page v states: • Satisfying these requirements should not be assumed to meet NIST SP 800-53 and FIPS 200 Elements of CUI Compliance EmeSec Incorporated ©2017 Acronym Security Control Family AC Access Control AT Awareness & Training AU Audit & Accountability CM Configuration Management IA Identification & Authentication IR Incident Response MA Maintenance MP Media Protection PE Physical & Environmental PS Personnel Security RA Risk Assessment SA Security Assessment SC System & Communication Protection SI System & Information Integrity
  • 7. • Why? • Today, every business is a digital business • Every business has third party and supply chain connections • Due diligence is taking the effort to avoid harm or loss through reasonable care Liability almost always comes from not demonstrating due diligence Compliance Due Diligence Liability The implications of non-compliance risks and liabilities to your company EmeSec Incorporated ©2017
  • 8. 8 1. CUI is more than Cyber 2. CUI is about a comprehensive InfoSec 3. CUI isn’t isolated – protect all of your data flow 4. Leadership and accountability is critical to CUI 1. Not accounting for non-cyber 2. Using a Checklist Mentality 3. Light Manufacturing Issues 4. Decision makers not in the process Common Mistakes CUI and DFARS Compliance EmeSec Incorporated ©2017
  • 9. • Maria Horton, CEO • Phone: 703.429.4492/4491 • Email: info@emesec.net • @EmeSec • @mariahorton Thank you for your time! We would love to hear from you. Contact us for a free CUI primer and Tips Handout! Remember, there is still time to meet the deadline! EmeSec Incorporated ©2017 9