Cybersecurity « Useful Link Tags « Virginia PTAC at George Mason University

Cybersecurity Compliance (and CMMC)

Posted by Elizabeth on September 25, 2018

Learn about NIST 800-171 requirements (currently applicable to all levels of DoD contractors including – including lower tier subcontractors): https://csrc.nist.gov/publications/detail/sp/800-171/rev-2/final
- Controlled Unclassified information (CUI): https://www.archives.gov/cui
- DoD CUI: https://www.dodcui.mil/Home/DoD-CUI-Registry/
- Training on CUI: https://www.archives.gov/cui/training.html or https://www.dodcui.mil/
Learn about Cybersecurity Maturity Model Certification (CMMC):
- Utilize Project Spectrum (funded by DoD OSBP to educate small business on CMMC): https://projectspectrum.io/ so you can be ready for future (and some current) contract requirements.
- The Office of the Under Secretary of Defense for Acquisition and Sustainment: https://www.acq.osd.mil/cmmc/
Follow the CMMC AB (accreditation body) for news: https://cmmcab.org/
TO BE COMPLIANT:
- Contact your local PTAC counselor to make sure you understand how it applies to you and the process. Virginia clients email ptac@gmu.edu if you don’t know your counselor.
- Create a System Security Plan (SSP) – template available on link #1 above from NIST
- If applicable create a Plan of Action and Milestones (POAM) – template available on link #1 from NIST
- Perform your Basic (self) Assessment against NIST 800-171: https://www.acq.osd.mil/dpap/pdi/cyber/docs/NIST%20SP%20800-171%20Assessment%20Methodology%20Version%201.2.1%20%206.24.2020.pdf
- Publish your results from the NIST 800-171 Basic (self) Assessment into the Supplier Performance Risk Management System (SPRS): https://www.sprs.csd.disa.mil/
- If applicable, locate an official Certified 3rd Party Assessment Organization (C3PAO) to perform a CMMC 2.0 level 2 assessment (get multiple quotes on the open market to see how much it will cost for the assessment): https://cmmcab.org/marketplace/

Other resources:

CMMC_Level_1_Readiness_Checklist from our colleagues at the Del Mar College PTAC
CMMC Self Assessment Checklist in Excel including POAM template
Compliance with DFARS cybersecurity clause training created by the Georgia Tech PTAC: https://gtpac.org/cybersecurity-training-video/
GENEDGE resources: https://www.genedge.org/resources/cybersecurity-materials/
Comprehensive blog article with resources: NIST and DFARS and Cyber Compliance (oh my)!
Cybersecurity update presentation featured at DoD’s Beyond Phase II Mentor-Protégé Training Week (BPIIMPTW18) conference in Orlando, August 2018
Article from National Defense Feb 2019

Posted in:

Leave a Comment (0) →

DoD Procurement Toolbox – Cybersecurity page

Posted by Elizabeth on October 27, 2017

A collection of tools and services to help you and your organization manage, enable, and share procurement information across the Department of Defense. Includes webinars and other resources on Cybersecurity, Government Furnished Property (GFP), Unique Identification (UID), and eBusiness.

Posted in:

Leave a Comment (0) →

Controlled Unclassified Information (CUI) Registry

Posted by Elizabeth on February 21, 2018

Established by Executive Order 13556, the Controlled Unclassified Information (CUI) program standardizes the way the Executive branch handles unclassified information that requires safeguarding or dissemination controls pursuant to and consistent with law, regulations, and Government-wide policies.

Posted in:

Leave a Comment (0) →

US-CERT

Posted by Elizabeth on October 27, 2017

United States Computer Emergency Readiness Team (US-CERT) is part of the Department of Homeland Security. US-CERT serves as a centralized hub of coordination and information sharing between federal organizations and their mission includes providing boundary protection for the federal civilian executive domain and cybersecurity leadership. See here for how it can be helpful: https://ics-cert.us-cert.gov/

Posted in:

Leave a Comment (0) →

National CyberWatch Center

Posted by Elizabeth on October 27, 2017

The National CyberWatch Center is a consortium of higher education institutions, public and private schools, businesses, and government agencies focused on collaborative efforts to advance cybersecurity education and strengthen the national cybersecurity workforce.

Posted in:

Leave a Comment (0) →

FedRAMP

Posted by Elizabeth on October 27, 2017

The Federal Risk and Authorization Management Program (FedRAMP) is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. This approach uses a “do once, use many times” framework that saves cost, time, and staff required to conduct redundant agency security assessments.

Posted in:

Leave a Comment (0) →