WHAT IS CUI?
Controlled Unclassified Information encompasses many different types of sensitive, but not classified, information. Personally identifiable information such as health documents, proprietary material and information related to legal proceedings would all count as CUI.
WHAT IS DFARS?
DFARS is the Defense Federal Acquisition Regulation Supplement that lists a minimum set of technology security standards for the basic safeguarding of contractor information systems that process store or transmit Federal contract information.
HERE’S AN EXAMPLE:
You own a HVAC business and you’re working on a series of buildings at Fort Meade. The plans and schematics of that system is considered CUI and could be valuable to hackers abroad. Those hackers know the government’s information systems are well protected. They also know that your network is not held to the same standard. They can and will attack your network to obtain that information. DFARS compliance closes the loophole in the eyes of the Feds.
HOW TO BECOME DFARS COMPLIANT:
The set of minimum cybersecurity standards are described in NIST Special Publication 800-171 and broken down into fourteen areas:
- Access Control Media
- Awareness & Training
- Audit & Accountability
- Configuration Management
- Identification & Authentication
- Incident Response
- Maintenance
- Media Protection
- Personnel Security
- Physical Protection
- Risk Assessment
- Security Assessment
- System & Communications Protection
- System & Information Integrity
The details on each area are laid out in a 68 page document found here: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171r2.pdf
We suggest working with a quality Managed-IT Service Provider on an ongoing basis which will:
- Ensure you are DFARS compliant
- Properly functioning firewall
- Anti-virus and other security tools
- Automatic software updates to your network
- Provide 24/7 monitoring and maintenance of your systems
- Establish a business continuity plan in times of disaster
- Eliminate downtime
- Maintain effective communications across your workforce
- Create a technology map and plan for growth aligning technology with your business
Eliminate IT Frustration! KNOW that you are DFARS Compliant! Contact Certified CIO today!