InvestorsHub Logo
Boards
News
Market Data
Markets
Discover
Discover
Subscribe Login/Register
S&P 500
5,303.27
(
0.12%
)
US TECH 100
18,058.40
(
-0.12%
)
Dow Jones
40,003.59
(
0.34%
)
Brent Oil
83.72
(
0.61%
)
Bitcoin
66,918.34
(
2.57%
)
Post# of 235036
Next 10
Reply Private New
Public Reply Private Reply New Post
Keep Last Read
Replies (3) Keep Next 10 Report Keyboard Shortcuts
Replies (3) Next 10 Prev Next

Gold49er

Send PM Follow Ignore
Followers 31
Posts 1459
Boards Moderated 0
Alias Born 09/08/2012

Gold49er

Re: ZPaul post# 167552

Monday, 06/05/2017 2:58:54 PM

Monday, June 05, 2017 2:58:54 PM

Post# of 235036
DFARS MFA Compliance by Dec. 2017


Taking Steps Toward DFARS Compliance: Multi-Factor Authentication

http://blog.cybersheath.com/taking-steps-toward-dfars-compliance-multi-factor-authentication

As previously discussed in the CyberSheath blog, government contractors who process, store or transmit Covered Defense Information (CDI) are required by DFARS 252.204-7008 to comply with the 14 control families of the NIST SP 800-171 by December 2017. The clause dictates the security requirements specified by DFARS 252.204-7012 for Safeguarding Covered Defense Information and Cyber Incident Reporting. The intention of the directive is to ensure the safeguards implemented to protect CDI are consistent across nonfederal information systems as they relate to work contracted by the US government.


The regulation anticipates the addition of these controls are not intended to impose burden by requiring additional systems or incurring additional expenses in order to acquire government contracts. Although the 800-171 is derived from FIPS 200 and NIST 800-53; the new control set is intended to remove the overhead of the controls specifically geared toward federal agencies. It was expected the majority of contractors would only need to implement and update policies in order to comply. While this may be valid for contractors who have a security baseline implemented that includes many components of the recommendations of FIPS 200 or NIST 800-53, it may not be true for all. Unfortunately for those that do not, this regulation may prove to be a challenging and expensive endeavor.

One of the direct requirements imposed by the 800-171 is the need for Multi-Factor Authentication (MFA). This necessity applies to all privileged account access and users who access network resources where Controlled Unclassified Information (CUI) exists, or CDI as defined by the DFARS clause. Additionally, this applies for any users who access the network remotely by means of remote access connections. These are described in the following ‘derived security requirements’ from both the ‘Identification and Authentication’ and ‘Maintenance’ control families of the NIST 800-171:
Public Reply Private Reply New Post
Keep Last Read
Replies (3) Keep Last Read Next 10 Report Keyboard Shortcuts
Replies (3) Next 10 Prev Next
Volume:
Day Range:
Bid:
Ask:
Last Trade Time:
Total Trades:
  • 1D
  • 1M
  • 3M
  • 6M
  • 1Y
  • 5Y
Detailed Quote
Recent ZRFY News
More ZRFY News
InvestorsHub NewsWire

FEATURED Music Licensing, Inc. (OTC: SONG) Subsidiary Pro Music Rights Secures Final Judgment of $114,081.30 USD, Demonstrating Strength of Licensing Agreements May 17, 2024 11:00 AM

Greenlite Ventures Inks Deal to Acquire No Limit Technology GRNL May 17, 2024 3:00 PM

VPR Brands (VPRB) Reports First Quarter 2024 Financial Results VPRB May 17, 2024 8:04 AM

ILUS Provides a First Quarter Filing Update ILUS May 16, 2024 11:26 AM

Cannabix Technologies and Omega Laboratories Inc. enter Strategic Partnership to Commercialize Marijuana Breathalyzer Technology BLO May 16, 2024 8:13 AM

Avant Technologies to Revolutionize Data Center Management with Proprietary AI Software Platform AVAI May 16, 2024 8:00 AM

Start posting your company's news
Only $200 per official company press release!