Resources for Suppliers - Northrop Grumman Guidance on DFARS Requirements

Northrop Grumman published guidance for their suppliers entitled 'cybersecurity resources for suppliers. In it, they state the requirements related to DFARS and NIST SP 800-171, specifically the creation of required compliance documents - a System Security Plan and Plan of Actions and Mitigations at a very minimum.

[Learn how our customers have tackled NIST 800-171 in-house and now manage DoD compliance on thier own with a time-efficient, cost-effective plan of action]

"Our customers, including the U.S. Government, are increasingly imposing mandatory cybersecurity measures and controls on their prime contractors and supply chain.  Department of Defense (DoD) contracts awarded since August 2015 include the Defense Federal Acquisition Regulation Supplement (DFARS) Clause 252.204-7012, which requires prime contractors and their suppliers at all tiers to provide "adequate security". 

At a minimum, businesses must implement the National Institute of Standards and Technology (NIST) SP 800-171 on any internal information systems that include “covered defense information” (CDI) by December 31, 2017. 

To have implemented NIST 800-171, a company must have conducted a self-assessment against all 110 controls, and developed a system security plan (SSP) describing how the security requirements are met, and plans of action and milestones (POA&M) on how those controls (not implemented) will  be met. 

DoD may consider how many controls are implemented in making award decisions and otherwise may require companies to implement all NIST SP 800-171 controls."

Creating the SSP and POAM can be complex and time consuming. With CyberStrong, you save hours and weeks of time that you would have spent creating these documents yourself with CyberStrong's automated POAM and SSP export. For every new contract that comes through your door, and for every existing contract, you can submit an updated set of compliance documents showing your proactive cyber resiliency aligned with NIST SP 800-171. 

Your team must also deduce what technologies to aquire to meet each requirement and how much to budget for remediation. CyberStrong's intelligent recommedation engine gives you the lowest cost next steps for NIST 800-171 compliance. Take charge of DFARS compliance with speed, agility, and a shared plan of action that is clear and cost-effective, tailored to your existing and future business.

Read customer stories.. learn how our customers take charge of dfars compliance in-house with speed and agility for the new year.