3 Keys to DFARS/NIST 800-171 Cybersecurity Compliance
For federal contractors with the Department of Defense (DoD), General Services Administration (GSA), and National Aeronautics and Space Administration (NASA), the Dec. 31, 2017 deadline to comply with DFARS/NIST 800-171, or to show a plan to do so, has come and gone. Without compliance, your business is not only vulnerable to evolving cyberthreats but also subject to penalties and even contract termination.
These 15 new requirements, known as DFARS 252.204-7012, Safeguarding Covered Defense Information and Cyber Incident Reporting, follow the NIST 800-171 guidelines and cover a broad range of topics. They put a significant burden on businesses to implement the right controls and to be able to promptly detect and respond to imminent threats.
The question is: does your company have the required tools and expertise to meet and maintain DFARS compliance in a cost-effective way, without large capital expenditures or additional hires?
To make the road to DFARS/NIST 800-171 compliance actionable and manageable, these 3 core areas should be part of your plan:
1. Security Information and Event Management (SIEM)
The recent compliance guidelines and the current threat landscape require every organization to analyze and correlate its security data. At an enhanced level, systems must aggregate events, alert, and notify when there is a danger to the organization. That technology is SIEM, or security information and event management, and it gives your IT practice deep security intelligence well beyond the typical cybersecurity tools, such as antimalware and antivirus software, and other security appliances, such as a firewall. A SIEM's major function is the fastest possible notification of crucial events, achieved by aggregating and correlating log activity from nearly every device on your network. Whether managed in-house or outsourced, a SIEM is a crucial tool for pinpointing and correcting security issues. The advantage of an outsourced SIEM solution is that it runs on a subscription OpEx model at a fraction of the price.

2. Security Operations Center (SOC)
Many compliance standards and regulations require a cybersecurity expert to review logs and events frequently. This is the SOC, or Security Operations Center: actual humans whose job is to constantly work through the alerts the SIEM produces, together with activity logs from all devices, looking for suspicious trends and deciding whether any reported alert should be escalated for immediate incident response. Regardless of the review frequency, maintaining this level of staffing in-house becomes cost-prohibitive. Again, outsourcing this function to a properly qualified SOC-as-a-service (SOCaaS) provider is a great option. CAUTION: If evaluating other vendors, be sure to select a vendor with 100% US-based staff.

3. Follow a Layered Security Approach
Just like security in the home, you can't rely solely on security cameras and door locks to keep intruders out: a home has numerous points of entry and blind spots. The same is true of cybersecurity. Attacks may come in through malicious sites, e-mails, remote workers, poorly configured firewalls, etc. Having more than one line of defense for your IT infrastructure is the best way to reduce the chance of a security breach. Your business should implement and maintain the following at a minimum:

- Firewall
- Virtual private networks (VPNs)
- DNS level monitoring
- Cybersecurity awareness training at regular intervals and phishing simulations
- Software patching and updating
- Password managers
- Antivirus and antimalware protection
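The layered controls above (firewall, VPN, mail and DNS filtering, endpoint protection) each produce their own logs, and section 1 explains that a SIEM's job is to aggregate and correlate them so that the SOC in section 2 receives one actionable alert instead of a scattered set of per-device entries. The following is an added example of that correlation, not code from the original post or from any SIEM product: a small Python correlator that normalizes constructed auth-log lines from several hosts, groups failed logins by source address, and raises an alert when a single source accumulates a threshold of failures across any hosts inside a sliding time window. The log format, host names, addresses and the threshold/window values are all assumptions for the demonstration.

```python
"""Minimal SIEM-style aggregation and correlation (added example, not from
the original post). Assumes a key=value log format that several devices
have been normalized into; the sample lines below are constructed, not
real data, and use RFC 5737 documentation addresses."""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample: firewall, VPN concentrator and mail server each see only
# one or two failures from 203.0.113.5, but the SIEM sees five in 40 seconds.
SAMPLE_LOGS = [
    "2024-03-01T10:00:01 host=fw1 event=auth_fail user=admin src=203.0.113.5",
    "2024-03-01T10:00:09 host=vpn1 event=auth_fail user=jdoe src=203.0.113.5",
    "2024-03-01T10:00:15 host=vpn1 event=auth_ok user=jdoe src=198.51.100.7",
    "2024-03-01T10:00:22 host=fw1 event=auth_fail user=root src=203.0.113.5",
    "2024-03-01T10:00:40 host=mail1 event=auth_fail user=svc src=203.0.113.5",
    "2024-03-01T10:00:41 host=mail1 event=auth_fail user=svc src=203.0.113.5",
    "2024-03-01T10:15:00 host=vpn1 event=auth_fail user=jdoe src=198.51.100.7",
]

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<kv>.*)$")


def parse_line(line):
    """Normalize one log line into a dict; return None for unparseable input
    so a malformed line from one device never stalls the whole pipeline."""
    m = LINE_RE.match(line)
    if not m:
        return None
    try:
        rec = {"ts": datetime.fromisoformat(m.group("ts"))}
    except ValueError:
        return None
    for tok in m.group("kv").split():
        key, _, val = tok.partition("=")
        rec[key] = val
    return rec


def failed_logins(lines):
    """Aggregation step: keep only parseable auth_fail events, oldest first."""
    events = [r for r in map(parse_line, lines) if r and r.get("event") == "auth_fail"]
    events.sort(key=lambda r: r["ts"])
    return events


def max_single_host_failures(lines):
    """What any one device would see on its own: the largest failure count
    for a single (host, src) pair. Used to show why per-device tools miss it."""
    counts = Counter((r.get("host"), r.get("src")) for r in failed_logins(lines))
    return max(counts.values(), default=0)


def correlate_failed_logins(lines, threshold=4, window=timedelta(minutes=5)):
    """Correlation rule: alert when one source IP produces at least `threshold`
    failed logins across any hosts within a sliding `window`. One alert per
    source, summarizing which hosts and accounts were involved."""
    by_src = defaultdict(list)
    for r in failed_logins(lines):
        if "src" in r:
            by_src[r["src"]].append(r)

    alerts = []
    for src, recs in by_src.items():
        start = 0
        for end in range(len(recs)):
            # Slide the window start forward until it fits within `window`.
            while recs[end]["ts"] - recs[start]["ts"] > window:
                start += 1
            if end - start + 1 >= threshold:
                hit = recs[start:end + 1]
                alerts.append({
                    "rule": "multi-host failed logins",
                    "src": src,
                    "count": len(hit),
                    "hosts": sorted({r.get("host", "?") for r in hit}),
                    "users": sorted({r.get("user", "?") for r in hit}),
                    "first": hit[0]["ts"].isoformat(),
                    "last": hit[-1]["ts"].isoformat(),
                })
                break  # first breach of the threshold is enough for triage
    return alerts


if __name__ == "__main__":
    print("max failures visible to any single device:", max_single_host_failures(SAMPLE_LOGS))
    for alert in correlate_failed_logins(SAMPLE_LOGS):
        print("ALERT:", alert)
```

Run stand-alone, the script reports that no single device saw more than 2 failures from 203.0.113.5, while the correlated view produces one alert covering fw1, vpn1 and mail1 with four accounts tried within 40 seconds. That contrast is the practical reason the compliance guidance pushes for centralized correlation rather than per-appliance logs, and the alert dictionary is the kind of summarized record a SOC analyst would triage and, if warranted, escalate.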