Manufacturer's Edge

Simply Cyber (vol 16) – All Aboard: Destinations DFARS Compliance and NIST 800-171 Rev 2!

The Department of Defense is launching an acquisitions and procurement model that specifically targets supply chain security and is bringing in third-party auditors to promote enforcement. The draft version of NIST 800-171 Rev 2 (the promised next iteration of the DFARS 7012 clause enforcement effort) was released for comment on 19 June 2019. A companion piece, NIST SP 800-171B, which includes 32 recommended tools to address advanced persistent threats (APTs), was also released. APTs often come from nation-state or similar bad actors that have the resources to gain entry into an information system and quietly collect information or access privileges over a longer period of time—even years after the initial breach. The particular concern with these more sophisticated threats is that higher-level information, including intellectual property and national security information, is generally at risk.

With the second revision, DoD will take more direct action to validate and evaluate the cybersecurity condition of its supply chain beyond the prime contractor level. The three pillars of procurement—cost, performance, and schedule—will remain the factors by which competing proposals are evaluated. In order to qualify for competition—basically, in order to be considered—proposers will first be evaluated on, and certified according to, their cybersecurity level of maturity. The five maturity levels are described in the DoD’s Cybersecurity Maturity Model (CMM). In order to compete on a given DoD solicitation, proposers will need a certification level equal to or greater than that identified in the solicitation (Sections L and M).

The DoD 5000 acquisitions document is currently scheduled for release in July 2019, with Sections L and M significantly updated to define cybersecurity items. The aggressive timeline shows September 2020 as the vendor target for meeting the required security level contained in a DoD solicitation, which will be the basis for a go/no-go decision on further consideration. Companies that have been proactive about working through the current NIST 800-171 guidelines to develop their plan of action and milestones (POAM) will have an edge over competitors who are still pondering whether to board the NIST 800-171 train.

How will I pay for this?
The DoD relies on the diversity, resiliency, and security of its industrial base. The size of that base has eroded over the past decade, however, and multiple cyber breaches point to the need for DoD to invest in its supply chain’s security efforts. In some cases, and likely dependent on the contracting vehicle structure (e.g., time and materials, cost-plus), costs related to cybersecurity improvement will be allowable by DoD. Additional details will be forthcoming at the series of information sessions being planned this summer for 12 US cities. According to DoD’s Katie Arrington (staffer to Kevin Fahey, Assistant Secretary for Defense Acquisition, Office of Undersecretary of Defense for Acquisition and Sustainment), the CMM Certification program will use “third-party cybersecurity certifiers and a semi-automated tool to conduct audits, collect metrics, inform risk mitigation for the entire supply chain.”

 

©2019 Manufacturer’s Edge
