by Geoff Pierce, CISO

Department of Defense (DoD) and Federal contractors have to navigate many compliance requirements as the cost of doing business with the government. Since December 31, 2017, DoD contractors are required to implement the 110 controls in NIST SP 800-171 (DFARS 252.204-7012). From my experience providing cybersecurity consulting services, many companies did not comply by the deadline.  

The most common excuses:  

  • I’m sure we’re compliant, we just don’t have any documentation. 
  • Our customer doesn’t require that! 
  • We don’t have any controlled unclassified information (CUI). 
  • I’ll worry about it when my Contracting Officer asks me about it.   

Fast forward to 2020 – with DoD’s Cybersecurity Maturity Model Certification (CMMC) on the horizon, it should be apparent that exercising good cybersecurity practices is not only the right thing to do, but an essential part of our business.  

Now is the time to get your cybersecurity in order.  

In the not-too-distant future, DoD will require 3rd-party certification that your cybersecurity practices comply with CMMC requirements. Waiting until you absolutely must demonstrate compliance is too late: starting to worry about cybersecurity practices a couple of weeks leading up to proposal delivery is a sure path to failure!

Implementing basic cybersecurity practices (such as the 17 CMMC Level 1 practices) is a good start for every company – even if you only have a handful of employees. Cybersecurity should be an integral part of your overall industrial security program. Viewing cybersecurity as a compliance exercise will result in a poor cybersecurity program for your company. Applying appropriate cybersecurity in your operations is good for business. By implementing good cybersecurity practices, you are taking proactive steps to protect your company’s intellectual property, reduce the risk that your company will be victim to a breach or a scam, and along the way, you will achieve compliance with DFARS -7012 and CMMC – enabling you to bid on and execute more DoD contracts!

Contact the Centauri Security & Cyber Services team to learn about our practical approach to implementing right-sized cybersecurity programs that are compliant with DFARS -7012 and CMMC.