Article posted: Dec 22, 2017
By Marcus Hartwig, Versasec GM Americas
As in every industry, it is imperative for government agencies to safeguard their data, and many agencies are extending their security requirements right down the line to their suppliers and contractors.
For example, new government regulations going into effect at the end of 2017 are mandating that companies working with the U.S. Department of Defense (DOD) comply with its data security guidelines. Simply put, suppliers and contractors to the DOD must either meet the requirements of the mandate, known as the Defense Federal Acquisition Regulation Supplement (DFARS), by December 31 or risk losing their government contracts. Those not in compliance by the time 2018 rolls around, just days from now, will not be allowed to bid on or win new contracts with the DOD.
It's important to note that while the DFARS rules are targeted directly at contractors and suppliers, they also extend through the complete supply chain. That means businesses working with the DOD must ensure that their own suppliers and contractors are in compliance as well. The rules are centered around "controlled unclassified information," or CUI.
It is also important to note that the rules are not limited solely to private sector companies working with the DOD. Independent research groups, colleges and universities that may work with the government through partnerships, and even other state and municipal governments must comply if they have access to CUI data.
A key provision of the 14 identified by DFARS relates to being able to accurately identify anyone accessing CUI data (access controls). Contractors, suppliers and others must be able to show they have a security system plan that includes, among other things, information about their access management. To learn more, visit the National Institute of Standards and Technology site and view Special Publication 800-171, which addresses the protection of CUI.
One of the best solutions for controlling system access, so that only authorized personnel, devices, transactions and the like have access, is virtual smart cards, or VSCs. They allow companies working with the government (and in the private sector as well) to quickly and easily implement strong authentication at a low cost.
If you'd like to better understand how Versasec is helping other contractors become compliant with DFARS and how we can help your organization become compliant as well, reach out to us here: https://versasec.com/ and click on the "chat" button.
December 31 and the DFARS deadline is right around the corner. Will your organization be ready?