Conversations in Risk-Based Security

End of Year Compliance Requirements: Are you Prepared?

Posted by Doug Yarabinetz on Nov 21, 2017 10:38:53 AM

Many industries face ever-changing compliance requirements that they must meet to continue smooth business operations. Three industries in particular face end-of-year mandates that require fast action if they haven’t already taken steps to comply. Law enforcement, nuclear energy and government suppliers are all dealing with a December 31st deadline to meet these compliance rules.

Government contractors who own or operate information systems that process, store, or transmit federal controlled unclassified information have until the end of 2017 to meet DFARS compliance rules. Likewise, everyone with access to CJI, including law enforcement, national security and intelligence community partners, is subject to audit to ensure compliance with applicable statutes, regulations, and policies. The CJIS Security Policy provides guidance for the creation, viewing, modification, transmission, dissemination, storage, and destruction of CJI. Finally, nuclear energy companies must be ready for the Nuclear Regulatory Commission’s Milestone 8 standards. Meeting this guidance, and ensuring they can maintain a strong security posture and comply with all applicable nuclear regulations, is critical.

DFARS and NIST 800-171 Compliance Mandate

DFARS requires government contractors to implement the controls specified by the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171. These procedural controls are designed to protect sensitive information and to facilitate the rapid reporting of cyber incidents. Non-compliance can seriously impact your ability to secure and execute your business with the federal government. Additionally, valuable information that is related to research and development will be discontinued. Are you compliant with all NIST 800-171 security controls? Have you adopted another security framework that can be aligned to NIST 800-171? These are questions you should be asking. If you have implemented a security program that follows a formal regulatory framework, you could already be exceeding the compliance requirements. Not sure where you stand? Perform a gap analysis or formal review, then put together a plan for DFARS and NIST 800-171 compliance and an ongoing strategy for maintaining the proper overall risk posture. Learn more at https://lynxgrc.com/dfars-nist-800-171-compliance-mandate/.

Milestone 8 Compliance

Are you ready for the Milestone 8 inspection? Do you need compliance assessment support to meet the Nuclear Regulatory Commission’s Milestone 8 guidance? Do you have a technology solution that enhances your efficiency in maintaining your cyber security program? Make sure your team is uniquely qualified to support NEI 08-09, NEI 13-10 and RG 5.71 control assessments and has the proper management and security certifications. If you are working with a partner, ensure they have a proven track record of direct experience within government agencies like the NRC and know the process for achieving compliance. It is possible to be safe, secure and compliant. Learn more at https://lynxgrc.com/milestone-8-compliance/.

CJIS Compliance

Law enforcement needs timely and secure access to services that provide data wherever and whenever it is needed for stopping and reducing crime. That’s why the FBI’s Criminal Justice Information Services Division (CJIS) is so important. But meeting all the compliance requirements of the CJIS Security Policy can be daunting. If you aren’t compliant, inspection teams will flag deficiencies until you can remediate. That means you lose access to one of the most valuable tools available for fighting crime and can be subject to sanctions. Don’t let the auditors or penetration testing teams and the inevitable assessment lock you out of one of the most valuable tools in your battery. Make sure you are CJIS compliant in advance of the auditors. If you have already been audited and are dealing with deficiencies, work with experts who have experience helping law enforcement maintain access to this critical service. Learn more at https://lynxgrc.com/cjis-compliance/.


Topics: CJIS Security Policy, CJIS Compliance, CJI, DFARS, Milestone 8, NIST 800-171