dfars/nist 800-171 program overviewpwp.gatech.edu/.../08/dfars-nist-adr-presentation-080317.pdf ·...

DFARS/NIST 800-171 PROGRAM OVERVIEW JUNE 22, 2017

Upload: others

Post on 30-May-2020

14 views

Category:

Documents

0 download

Report

Download

Embed Size (px):

TRANSCRIPT

DFARS/NIST 800-171 PROGRAM OVERVIEW

J U N E 2 2 , 2 0 1 7

NIST Special Publication 800-171 – Protection Controlled Unclassified Information in Nonfederal Information Systems and Organizations (NIST 800-171)

• The purpose of this NIST publication is to provide guidance for federal agencies on how to protect federal information.

• NIST 800-171 applies to Controlled Unclassified Information (also called CUI) shared by the federal government with a nonfederal entity.

• Controlled Unclassified Information (CUI) at Georgia Tech can include, but is not limited to,:

• Federally funded research

• Health information

• Student financial aid records

• Visa records

• Department of Defense deadline for full compliance is December 31, 2017.

NIST 800-171

Which labs are in scope

Language in contracts

Producing data sets that are considered CUI

LABS IN SCOPE

Page 4: DFARS/NIST 800-171 PROGRAM OVERVIEWpwp.gatech.edu/.../08/DFARS-NIST-ADR-Presentation-080317.pdf · 2017-08-30 · NIST Special Publication 800 -171 – Protection Controlled Unclassified

PHASE 1

• Build and formalize Steering Committee and Project Committees

• Requirements gathering from stakeholders for central services

• Research peer institutions to determine their paths to compliance

• Univerity of Florida

• Purdue

• Portland State

• UC Davis

Discovery

Presenter

Presentation Notes

Add list of campuses we’ve talked to.

Page 5: DFARS/NIST 800-171 PROGRAM OVERVIEWpwp.gatech.edu/.../08/DFARS-NIST-ADR-Presentation-080317.pdf · 2017-08-30 · NIST Special Publication 800 -171 – Protection Controlled Unclassified

PHASE 1

• Build and formalize Steering Committee and Project Committees

• Documented project and communications plan

• Website – www.cui.gatech.edu

• Pilot central services and identify potential labs as candidates

• Begin scoping and outlining requirements for audit program

• Begin design/development of Research Contract Lifecycle workflow

Design

Presenter

Presentation Notes

Add list of campuses we’ve talked to. Add communications notes.

Page 6: DFARS/NIST 800-171 PROGRAM OVERVIEWpwp.gatech.edu/.../08/DFARS-NIST-ADR-Presentation-080317.pdf · 2017-08-30 · NIST Special Publication 800 -171 – Protection Controlled Unclassified

PHASE 2

• Begin migrations of early adopters, concluding pilot

• Hiring compliance positions

• Begin execution of lab audits

Implementation/Integration

Presenter

Presentation Notes

Add list of labs we’ve visited already.

Page 7: DFARS/NIST 800-171 PROGRAM OVERVIEWpwp.gatech.edu/.../08/DFARS-NIST-ADR-Presentation-080317.pdf · 2017-08-30 · NIST Special Publication 800 -171 – Protection Controlled Unclassified

PHASE 3

• Fully migrate into technical environment

• Full communication/education campaign for campus

• Training and testing

• Transition into a fully operational audit and compliance service

• Complete design/development of Research Contract Lifecycle workflow

Monitor/Evaluate

Page 8: DFARS/NIST 800-171 PROGRAM OVERVIEWpwp.gatech.edu/.../08/DFARS-NIST-ADR-Presentation-080317.pdf · 2017-08-30 · NIST Special Publication 800 -171 – Protection Controlled Unclassified

CRITICAL PATH

Page 9: DFARS/NIST 800-171 PROGRAM OVERVIEWpwp.gatech.edu/.../08/DFARS-NIST-ADR-Presentation-080317.pdf · 2017-08-30 · NIST Special Publication 800 -171 – Protection Controlled Unclassified

WHAT CAN THE LABS EXPECT?

Page 10: DFARS/NIST 800-171 PROGRAM OVERVIEWpwp.gatech.edu/.../08/DFARS-NIST-ADR-Presentation-080317.pdf · 2017-08-30 · NIST Special Publication 800 -171 – Protection Controlled Unclassified

Jimmy Lummis

(404) 385-0334

[email protected]

Jennifer Rhodes

(404) 385-3953

[email protected]

Blake Penn

(404) 385-5480

[email protected]

QUESTIONS?

mailto:[email protected]

Page 11: DFARS/NIST 800-171 PROGRAM OVERVIEWpwp.gatech.edu/.../08/DFARS-NIST-ADR-Presentation-080317.pdf · 2017-08-30 · NIST Special Publication 800 -171 – Protection Controlled Unclassified

Print this and bring a hard copy.

LIST OF LABS IN SCOPE

Presenter

Presentation Notes

Ask for volunteers for Communications and Financial groups.

DFARS 252 Assessment Session 208: NIST SP 800 …/media/HDIFusion/Files/speaker-handouts/... · Session 208: NIST SP 800-171 and Controlled Unclassified Information Presented by:

NNT NIST 800-171 Solution Brief - newnettechnologies.com · NNT Compliance Briefing NIST 800-171 CONTROL FAMILIES NIST 800-171 is a subset of require-ments taken from the NIST 800-53

Cybersecurity Challenges - DoD Procurement Toolbox · Unclassified 18 NIST SP 800-171, Protecting CUI in Nonfederal Systems and Organizations Why NIST SP 800-171? •Developed for

Controlled Unclassified Information and NIST 800-171 Unclassified Information and NIST 800-171 ... associated with the loss of this information are assessed and minimized ... Small

Preparing for NIST SP 800 -171 - PilieroMazza › 7A2372 › assets › files... · Preparing for NIST SP 800 -171 January 23, 2018 For the American Council of Engineering Companies

Cybersecurity Challenges - NIST...2018/10/18 · Cybersecurity Challenges Protecting DoD’s Unclassified Information Implementing DFARS Clause 252.204-7012, Safeguarding Covered

An Introduction to NIST Special Publication 800-171 for

Federal Acquisition Regulation (FAR) and Defense Federal … · 2020-05-02 · outlined in NIST SP 800-171, and implemented in the applicable FAR and DFARS clauses (FAR § 52.204-21

NIST MEP Cybersecurity Self-Assessment Handbook For ... · NIST Handbook 162 . NIST MEP Cybersecurity . Self-Assessment Handbook . For Assessing NIST SP 800-171 . Security Requirements

Reality check: Defense industry’s implementation of NIST ... · defense contractors typically fall short in implementing DFARS 252.204-7012 and the associated NIST ... NIST SP 800-171

NIST 800-171, DFARS - University of Central Florida CUI and NI… · DIACAP (May 2009 –October 2014) RMF (Strongly based on NIST 800-37 and 800-53) (October 2014 –Present) NIST

DFARS 252.204-7012, NIST 800-171, CDI … and You · DFARS 252.204-7012, NIST 800-171, CDI … and You • Overview

Get Compliant with the New DFARS 252.204-7012 ... · 8/30/2017 · comply with NIST 800-171 (Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations)

KEY IDEAS ASSOCIATED WITH CUI REQUIREMENTS AND DFARS … · 2019-11-07 · nor will DoD certify that a contractor is compliant with the NIST SP 800-171 security requirements. Office

FileCloud NIST 800-171 Compliance Guide · Regulation Supplement (DFARS) minimum security standards by December 31, 2017 or risk losing their DoD contracts.” Compliance with NIST

Cyber Security Workshop...Cyber Security Workshop DFARS Clause 252.204-7012 / NIST SP 800-171 June 2019 Prof. Clifford Neuman Director, USC Center for Computer System Security Unclassified

Federal Acquisition Regulation (FAR) and Defense Federal ... Terms - FARS...outlined in NIST SP 800-171, and implemented in the applicable FAR and DFARS clauses (FAR § 52.204-21 and

Cyber Security Workshop · 2018. 12. 20. · Cyber Security Workshop DFARS Clause 252.2047012 / - NIST SP 800-171 Prepared by Prof. Clifford Neuman Director, USC Center for Computer

NIST SP800-171: Protecting Controlled Unclassified ... · What is NIST SP 800-171 4. In place to protect “Controlled Unclassified Information” (CUI) Tailored NIST SP 800-53 security

NIST 800-171, DFARS - Florida Industrial Security Working ...fiswg.research.ucf.edu/Documents/PDF/Protecting CUI and NIST-800... · nist 800-171, dfars responsibilities for defense

SPRS Access for NIST SP 800-171

Are You Prepared for the Upcoming DoD Cybersecurity Audit ...NIST 800-171, DFARS and CMMC NIST 800-171 is a NIST Special Publication with requirements for protecting the confidentiality

NIST 800-171 Simplifying CUI and DFARS Compliance

NIST 800 171 Scoring Supplement - RapidFire Tools · 2021. 1. 4. · NIST 800 171 Scoring Supplement CMMC ASSESSMENT PROPRIETARY & CONFIDENTIAL Page 3 of 19 4.1 - Access Restrictions

Are You Ready for NIST SP 800-171?

Protecting Controlled Unclassified Information in Nonfederal Information … › ... › NIST-MEP-800-171-Presentation.pdf · 2017-10-18 · § NIST Special Publication 800-171 to

NIST SP 800-171 DoD Assessment Methodology, Version 1 SP 800... · 2020-03-17 · NIST SP 800-171 DoD Assessment Methodology, Version 1.1, March 13, 2020 5 iii) This assessment is

NIST SP 800-171 Questionnaire that all suppliers fully understand their obligations ... For new contracts awarded prior to ... the answers to NIST SP 800-171 questionnaire

IT & NICE Cybersecurity Enterprise Training Curriculum · • Cybersecurity Management (NIST Cybersecurity Framework, NIST 800-171 etc.) • Cyber Resilience Management (RESILIA)

Get Compliant with the New DFARS 252.204-7012 ... · •Cloud Computing: ... Federal systems and were based upon NIST 800-53 ... •NIST 800-171 includes Appendix D (Mapping Tables)

NIST SP 800-171 DoD Assessment Methodology, Version 1 · NIST SP 800-171 DoD Assessment Methodology, Version 1.1, March 13, 2020 ... Institute of Standards and Technology (NIST) Special

An Introduction to NIST Special Publication 800-171 for Higher Education Institutions · 2017-01-10 · What Is NIST 800-171? The National Institute of Standards and Technology (NIST)

How to Comply with DFAR 252-204-7012 NIST SP 800-171 Rev. 2 · ALL of the companies doing business with DoD will have to comply immediately with DFARS 252.204- 7012 and have a 1-3

DFARS NIST 800-171 AIA SMC SC 092617 ….../ u u ] ] } v rD ] v ] u µ u E )$5 0,1,080 &21752/6 1,67 &21752/ L /LPLWLQIRUPDWLRQV\VWHPDFFHVVWR DXWKRUL]HG XVHUV SURFHVVHV DFWLQJ RQ EHKDOIRIDXWKRUL]HGXVHUV

Today’s Topics - IMEC...10/21/2020 1 October 22, 2020 Jana White Cybersecurity Resiliency for Defense Contractors Webinar Series: DFARS NIST 800-171 Compliance Process Today’s