Upgrade Your IT Company. Tallahassee (850) 783-3012   |   Jacksonville (904) 513-9006   |   Virginia Beach (757) 349-8768
Tallahassee (850) 783-3012Jacksonville (904) 513-9006Virginia Beach (757) 349-8768

What Information Systems Are Subject to “Basic Safeguarding” Cybersecurity Requirements?

According to Defense Federal Acquisition Regulation Supplement (DFARS) clause 252.204-7012, Safeguarding Covered Defense Information and Cyber Incident Reporting, all contractors working with the department of defense must take adequate measures to ensure “basic safeguarding” measures are in place to safeguard information systems that process, store, or transmit covered defense information.

According to Defense Federal Acquisition Regulation Supplement (DFARS) clause 252.204-7012, Safeguarding Covered Defense Information and Cyber Incident Reporting, all contractors working with the department of defense must take adequate measures to ensure “basic safeguarding” measures are in place to safeguard information systems that process, store, or transmit covered defense information.

The rule outlines various controls for covered information systems, including but not limited to the following:

  • Limiting information system access to the types of transactions and functions authorized users are allowed to execute.
  • Implementing physical security controls, such as video surveillance and audit logs of physical access to the premises.
  • Monitoring and protecting all information transmitted or received via information systems at the external and internal boundaries of the systems.

Contractors are required to implement NIST SP 800-171 as soon as practical, however, if you haven’t done so yet, you’ve missed the deadline of December 31st, 2017. NIST SP 800-171 was developed to further push the development of information security standards and guidelines for federal information systems.

Under NIST SP 800-171, there are various security requirements organized into 14 control families. Companies must implement not only those security requirements but also document the implementation of them. The problem is, many contractors aren’t sure which information systems handle covered defense information.

Do you know exactly which information systems are handling covered defense information? Don’t risk losing your DoD contracts because of an oversight!

Covered defense information refers to any unclassified controlled technical information or other unclassified information that is:

  • Provided to the contractor by or on behalf of DOD in support of the contract and marked/identified in the contract, task order, or delivery order.
  • Created, received, transmitted, used or stored by or on behalf of the contractor in support of the contract.

The term ‘Information systems’ can encompass a wide range of equipment – from communication platforms to Internet-connected devices – and it’s vital to make sure you’re safeguarding covered defense information on ALL information systems.

Click here or fill out the form to book a cybersecurity review to ensure you’re safeguarding covered defense information on ALL information systems.

We have extensive experience completing NIST SP 800-171 assessments, IT security audits, and delivering cybersecurity best practices in both private and public-sector environments of all sizes. Our team will perform a thorough review to ensure you’re implementing necessary safeguarding measures on ALL information systems.

If you have any questions, feel free to give us a call at (850) 783-3012. If you have any doubt in your mind that you’ve addressed all information systems handling covered defense information, click here or fill out the form immediately.