The DFARS 252.204-7012 Safeguarding Covered Defense Information and Cyber Incident Report requires the protection of controlled unclassified information in nonfederal information systems and organizations (e.g. commercial sub-tier suppliers). The good news is that this regulation applies to a limited scope of your “systems”: The security requirements apply only to components of nonfederal systems (e.g. commercial sub-tier… Continue reading Where are the cyber security regs leading?
Organizations should closely analyze requirements from their customers who flow down regulatory requirements such as the FAR and/or DFARS to determine if conflicts exist. In an analysis of certain Defense Federal Acquisition Regulations Supplement, I noticed what could be a conflict for those organizations that may seek to use a Voluntary Disclosure as a result… Continue reading Regulatory Requirements & Policy Conflicts
Regardless of whether your company is publicly or privately held, the U.S. Government, by using the Federal Acquisition Regulations, can require and enforce cyber controls on your company networks. Your private networks. Learn if this Federal Acquisition Regulation applies to your firm. Contact AEI at firstname.lastname@example.org Continue reading The Feds can do what?
Hundreds and possibly even thousands of small businesses were or are victims of cyber crime. The ransom ranges from hundreds into the thousands of dollars. So whether you are required by the Federal Acquisition Regulations or simply want to protect your business, consider this when you think about your cyber controls: What is the chance that… Continue reading Is Your Business At Risk?