DFARS Cyber Security Compliance

DFARS Outlines 14 Families of Security Requirements


The National Institute of Standards and Technology (NIST) Special Publication 800-171, Protecting Covered Defense Information (CDI) in Nonfederal Systems and Organizations, otherwise known as DFARS, outlines 14 families of security requirements for protecting the confidentiality of CDI. You must meet these requirements in order to continue providing services and products to large defense organizations such as the Department of Defense.

Within those 14 families, there are 110 controls you must address. Security information and event management (SIEM), multi-factor authentication, and encryption of all data (at rest and in transit) are mandatory, as well as written policies for your security procedures and protocols.

US Cloud is NIST compliant and has an experienced team to help you craft an entire data security program integral to securing your most important information.

NIST Compliance

US Cloud data centers follow the standards set by NIST, which is a non-regulatory US Government agency in the Department of Commerce. NIST’s mission is simple yet powerful: support and develop measurement standards and technology in order to improve efficiency, facilitate trade, and enhance quality of life.

There are four reasons why NIST Compliance is important:

  • Data centers are measured by their infrastructure and deployment of IT and applications
  • NIST works hand-in-hand with the US government, industries, and standards bodies to boost the adoption of cloud computing by the federal government
  • NIST develops standards ensuring conformity and enhancing quality of products, supporting interoperability, portability and security requirements
  • NIST’s sterling reputation drives trust that the hosting experience for customers is the highest, safest quality possible

Background on DFARS

Organizations are facing blind spots in their network defenses because they lack network security knowledge and people with network security skills. In a recent report by PricewaterhouseCoopers, the average number of security incidents increased 38% last year, and the impact of security incidents with intellectual property being stolen increased 56%.

To comply with DFARS, every organization that does business with the federal government needs to validate the level of security on its network resources by performing a security audit. DFARS supplies the controls in 800-171 to analyze any gaps that need to be addressed.

The objectives are to:

  • Protect controlled unclassified information (CUI) in nonfederal information systems and organizations
  • Ensure confidentiality, integrity, and availability of CUI
  • Provide guidance for organizations to securely process, store, and transmit CUI

Your Plan to Achieve DFARS Compliance

In working with our customers, we’re finding that most are compliant with about half of the 110 controls necessary to meet NIST 800-171. It seems like a lot of controls, but becoming compliant isn’t just good for your company, it’s also good for your bottom line.

US Cloud’s Managed Security services are ready to work with you to safeguard your network and clouds, meeting the DFARS mandate:

  • Penetration Testing: You don’t know what needs better security until you try to infiltrate your own defenses. Our Certified Ethical Hackers will exploit your system’s vulnerabilities to determine whether unauthorized access or other forms of malicious, exploitative, and damaging activity are possible.
  • Risk Assessment: After we identify potential vulnerabilities, we can work with you on how to implement sound data breach prevention practices for securing your sensitive information by conducting due diligence and uncovering your true cyber risk profile and security posture.
  • Implement a Managed Security Plan: Cybersecurity expertise isn’t your core competency? Rest easy with US Cloud. Our managed security services, led by our experienced cybersecurity professionals, will take care of monitoring, analyzing, investigating and repairing your data, information and applications without you having to find, train and maintain your own security posture. We have the industry’s strongest tools for DDoS, SIEM, Endpoint, Firewall, WAF, IPS/IDS, Malware, and DLP protection.
  • Deploy our Hyper Secure Cloud: Implement layered defense with our next-generation, military-encrypted stack. Need a more secure private cloud? Look no further than US Cloud.