Monday, June 05, 2017 2:58:54 PM
Taking Steps Toward DFARS Compliance: Multi-Factor Authentication
http://blog.cybersheath.com/taking-steps-toward-dfars-compliance-multi-factor-authentication
As previously discussed in the CyberSheath blog, government contractors who process, store or transmit Covered Defense Information (CDI) are required by DFARS 252.204-7008 to comply with the 14 control families of the NIST SP 800-171 by December 2017. The clause dictates the security requirements specified by DFARS 252.204-7012 for Safeguarding Covered Defense Information and Cyber Incident Reporting. The intention of the directive is to ensure the safeguards implemented to protect CDI are consistent across nonfederal information systems as they relate to work contracted by the US government.
The regulation anticipates that the addition of these controls will not impose a burden by requiring additional systems or incurring additional expenses in order to acquire government contracts. Although the 800-171 is derived from FIPS 200 and NIST 800-53, the new control set is intended to remove the overhead of the controls specifically geared toward federal agencies. It was expected that the majority of contractors would only need to implement and update policies in order to comply. While this may be valid for contractors who have implemented a security baseline that includes many components of the recommendations of FIPS 200 or NIST 800-53, it may not be true for all. Unfortunately, for those that have not, this regulation may prove to be a challenging and expensive endeavor.
One of the direct requirements imposed by the 800-171 is the need for Multi-Factor Authentication (MFA). This necessity applies to all privileged account access and to users who access network resources where Controlled Unclassified Information (CUI) exists, or CDI as defined by the DFARS clause. Additionally, this applies to any users who access the network remotely by means of remote access connections. These are described in the following ‘derived security requirements’ from both the ‘Identification and Authentication’ and ‘Maintenance’ control families of the NIST 800-171: