This video provides a step-by-step guide on how government contractors can achieve compliance with the cybersecurity requirements established by the U.S. Department of Defense (DoD), specifically Defense Federal Acquisition Regulation Supplement (DFARS) clause 252.204-7012, entitled “Safeguarding Covered Defense Information and Cyber Incident Reporting.”
DFARS Clause 252.204-7012 – This contract clause, entitled “Safeguarding Covered Defense Information and Cyber Incident Reporting,” is included in all DoD solicitations and contracts, including solicitations and contracts using FAR Part 12 procedures for the acquisition of commercial items, except for solicitations and contracts solely for the acquisition of commercial-off-the-shelf items.
NIST SP 800-171 Rev. 1 – Entitled “Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations,” this National Institute of Standards and Technology (NIST) publication provides federal agencies with recommended requirements for protecting the confidentiality of Controlled Unclassified Information (CUI).
Cybersecurity Self-Assessment Handbook – The National Institute of Standards and Technology (NIST) Manufacturing Extension Partnership (MEP) Cybersecurity Self-Assessment Handbook was developed to assist U.S. manufacturers who supply products to the DoD in implementing NIST SP 800-171 as part of the process for ensuring compliance with DFARS Clause 252.204-7012. Any DoD contractor can use this Handbook to help assess its NIST SP 800-171 compliance.
Cybersecurity Template – This is a 127-page template, developed by the Georgia Tech Procurement Assistance Center (GTPAC), designed to help contractors create a Security Assessment Report, System Security Plan, and Plan of Action. The template is a Word document, designed for easy customization. It is intended to be used in conjunction with the NIST-MEP Cybersecurity Self-Assessment Handbook linked above.
The video and template linked above were funded through a cooperative agreement with the Defense Logistics Agency, and created with the support of the Georgia Institute of Technology. The content of the video presentation does not necessarily reflect the official views of or imply endorsement by the U.S. Department of Defense, the Defense Logistics Agency, or Georgia Tech.
For further assistance with complying with DoD’s contractual cybersecurity requirements, please feel free to contact a GTPAC Procurement Counselor. A list of Counselors, their locations, and contact information can be found at: http://gtpac.org/team-directory.
Companies located outside the state of Georgia may contact their nearest Procurement Technical Assistance Center (PTAC) for assistance with government contracting matters. PTACs are located in all 50 states, the District of Columbia, Guam, and Puerto Rico. Find a directory of PTACs at: http://www.aptac-us.org/find-a-ptac.
GTPAC is a part of the Enterprise Innovation Institute (EI2), Georgia Tech’s business outreach organization, which serves as the primary vehicle to achieve Georgia Tech’s goal of expanded local, regional, and global outreach. EI2 is the nation’s largest and most comprehensive university-based program of business and industry assistance, technology commercialization, and economic development.