Military Contractors

Military/Defense Contractors

All defense contractors and sub-contractors who process controlled defense information (CDI) are required to meet the DFARS Part 252.204-7012 is also known as Safeguarding Covered Defense Information and Cyber Incident Reporting.

Cyberstone has developed a program custom-designed for helping manufacturers and machines shops meet DFARS compliance. The DFARS cybersecurity regulation really is just a pointer to the NIST SP800-171 cybersecurity framework which has fourteen functional areas as displayed below.

The 14 NIST SP800-171 Requirements

Access Control – Least privilege, separation of duties, limit unsuccessful login attempts, screen lock after a certain time, encrypt CUI on mobile devices, wireless must have password
Awareness & Training – Security awareness training, training on malicious insider threats (online or in-person)
Audit & Accountability – Each user’s actions must be able to be uniquely traced, synchronization of IT systems’ clocks, correlation of logs from different systems
Configuration Management – Server and workstation images that are hardened, application white/blacklisting
Identification & Authentication – Multifactor authentication, unique user accounts (not shared), minimum password complexity
Incident Response – Written framework unique to each organization’s requirements. Must be regularly tested.
Maintenance – Sanitize systems of CUI when it’s not needed anymore, check media with diagnostic/test programs for malicious code before used in an information system.
Media Protection – Mark media with CUI as having CUI, lock drawers of paper with CUI, encrypt media, prohibit portable devices that don’t have an identifiable owner
Physical Protection – Escort visitors, log physical building / room access, ensure teleworker sites (work from home) are secure
Personnel Security – Background checks, pre-employment screening
Risk Assessment – Vulnerability scanning, periodic risk assessments
Security Assessment – Periodically assess technical controls, monitor and assess the effectiveness of security controls (Penetration Testing)
System and Communication Protection – Explicit deny-all, encryption at rest and in motion, effective subnetting
System & Information Integrity – Protect from malicious code (AV/anti-malware), SIEM / IPS to detect unauthorized use of systems

The process for helping military contractors comply is as follows:

Step 1: Gap Assessment

What does the regulation say I need to be doing vs. what I’m doing today?

Step 2: Create an Incident Response Plan

Preparation
Discovery
Notification
Analysis
Containment
Restoration

Step 3: Implement Changes based on Gap Analysis

Written information security polices
Implementation of hardware and software
Network segmentation
Encryption

Contact Us

Why Choose Us?

Cyberstone offers competitive pricing to end users because we don’t carry the burden of a direct sales force. By leveraging our channel partners located all around the United States, we solve the needs of companies in any vertical, geographic location, and regulatory environment.