Copyright 2014 DIB ISAC.net All rights reserved. DIB ISAC is a trademark of DIB ISAC.
The new DFARS Subpart 204.73 gives protocols for “contracts and subcontracts requiring safeguarding of unclassified controlled technical information resident on or transiting through contractor unclassified information systems.” The definition of controlled technical information is broad and should concern all members of the Defense Industrial Base contractor community.
Having identified the ripple effect of DFARS 204.73 early, DIB ISAC consulted with government and private industry to resolve the gap between policy and compliance/execution/verification.
Through discussions with industry, DIB ISAC realized that large prime contractors did not feel it was their responsibility to verify, or maintain verification of, compliance with the new DFARS requirements for small to mid-size firms that bid on their contracts; likewise, small businesses generally don’t have the capability to internally verify DFARS compliance. When asked about guidance, the Program Protection office of DoD AT&L pointed to the 51 security controls from NIST SP 800-53 outlined in the clause.
To fill the gap, DIB ISAC developed and uses the proprietary CyberVerify™ program, based on the NIST framework and specifically on those controls from NIST SP 800-53 contained in the clause, to give small businesses the ability to verify compliance with DFARS Subpart 204.73.
It’s not a certification or accreditation program, but rather a verification program. CyberVerify™ enables small businesses to confidently comply with DFARS requirements and give their primes, teaming partners and the government CyberConfidence™ in their systems.
We will also assist with the reporting requirements outlined in the clause, and with the resources needed to contain a breach and secure your systems as required to support post-incident damage assessments.