Six Things You Should Know About Cybersecurity Regulation

    With the upcoming DoD deadline to incorporate the new cybersecurity regulation items into your nonfederal information system, government contractors are attempting to meet these requirements before December 31, 2017.

    Defense Federal Acquisition Regulation Supplement (DFARS) 252.204-7012 stipulates that nonfederal organizations put measures in place to protect classified defense information (CDI). These measures are outlined in the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171, Revision 1.

    Are you ready for the upcoming deadline? Here are six things you should know about the new cybersecurity regulation.


    For Accurate and Timely Results, Work with Professionals



    This is especially true if you’re in a time crunch. As a contractor, you can evaluate and select a professional IT company to provide you with high quality services to meet this cybersecurity regulation. These professionals can measure your cybersecurity risks and work with you to implement all 110 controls of NIST SP 800-171.

    Working with a professional IT provider will help you get the ball rolling much faster—not to mention more accurately—than if you were to try and meet the requirements by yourself. To get your company in gear, find an IT provider that can help.


    If You Fail to Comply, Expect Consequences

    Although the government currently lacks the resources to audit your compliance, it may ask to see your documented security plan. If your security plan is found to be non-compliant with the cybersecurity regulation, your organization may face consequences.

    These penalties include having up to 20% of your pay withheld, your work suspended, or termination of your contract. You can avoid these consequences by ensuring compliance is met before the December 31, 2017 deadline.


    The Cost of Compliance

    Currently, specific guidelines are lacking for how these compliance expenses will be handled. For some companies, meeting the cybersecurity regulation will only require a few tweaks in their system. For others, a complete overhaul may be needed.

    These business expenses related to compliance may be considered indirect costs; therefore, they may be allowable expenses under your contract if considered fair and reasonable. Regardless of the cost of compliance, you’ll still be expected to meet the requirements in order to continue your work for the government.


    Cybersecurity Liability Insurance Isn’t Required

    DFARS isn’t requiring contractors to purchase cybersecurity liability insurance. If you choose to purchase this insurance, the cost may or may not be allowable under your contract, depending on whether or not it’s necessary and sufficient.


    Keep in mind that even if you experience a breach and your cybersecurity insurer declines to cover the costs, there’s no guarantee that it would be an allowed expense relating to your contract for this cybersecurity regulation. Your company needs to decide whether cybersecurity liability insurance would be worth it for your contract.


    Liability Concerning Government Contractors

    It’s important to keep in mind that primary contractors of the DoD are responsible for the performance of their subcontractors; this includes subcontractors’ ability to comply with NIST SP 800-171. Primary contractors don’t always communicate things such as cybersecurity regulation to their subcontractors, but you may be liable if your subcontractors aren’t meeting the regulations.

    You can avoid penalties and help lessen your liability by communicating the NIST SP 800-171 requirements to your subcontractors before the deadline to give them a chance to meet the regulation before it’s too late.


    Contractors and Limited Cybersecurity Staffing

    Cybersecurity professionals tend to be limited in the world today, where daily threats are commonplace. While it’s a challenge to keep staff on hand to help with your cybersecurity regulation needs, you are responsible for this task as a government contractor.

    You can create a balance of employees, tools, and resources to meet your cybersecurity needs. Know that the DoD won’t make an exception just because you may be having trouble finding an appropriate provider, so be sure to secure cybersecurity staff as soon as possible.

    Are you ready for the new cybersecurity regulation? You can analyze the scope of your CDI to determine what needs to happen before the deadline. Working with a provider can accelerate the process, and remember that non-compliance won’t come without consequences. You can achieve compliance before the deadline to uphold your contracts!


