Where are the cyber security regs leading?

The DFARS 252.204-7012 Safeguarding Covered Defense Information and Cyber Incident Report requires the protecting of controlled unclassified information in nonfederal information systems and organizations (e.g. commercial sub-tier suppliers). The Good News is that this regulation has a limited scope of your “systems”: The security requirements apply only to components of nonfederal systems (e.g. commercial sub-tier […]

Your Baby is Ugly

No one wants to here the words, your baby is ugly. When AEI is tasked to assess a client’s compliance processes, sometimes we have to tell the client that their processes, training and personnel have a hole large enough for a violation to escape. Yes, an escape can happen at any company at any time […]

Regulatory Requirements & Policy Conflicts

Organizations should closely analyze requirements from their customers who flow down regulatory requirements such as the FAR and/or DFARS to determine if conflicts exists. In an analysis of certain Defense Federal Acquisition Regulations Supplement, I noticed what could be a conflict for those organizations who may seek to use a Voluntary Disclosure as a result […]

Aerospace Exports Incorporated

Checklist for DFARS 252.204-7012

A few weeks ago AEI held a complimentary webinar explaining the Cyber Security and Reporting DFARS 252.204-7012 clause. During the webinar we demonstrated our checklist. Since the webinar we have been swamped for requests for the checklist. If you would like your own copy, please send us an email, provide your name and company name and we […]

Aerospace Exports Incorporated

The Feds can do what?

Regardless if your company is publicly or privately held, the U.S. Government by using the Federal Acquisition Regulations can require and enforce cyber controls on your company networks. Your private networks. Learn if this Federal Acquisition Regulation applies to your firm.  Contact AEI at info@aerospaceexports.com  

Aerospace Exports Incorporated

Performing an Effective Gap Analysis

The is a lot a talk about the upcoming Cyber Security requirement deadline in December 2017, yes, I’m referring to NIST SP 800-171. Many organizations are scrambling to assess their compliance. Most QA Managers are doing what comes natural, they are relying on the GAP ANALYSIS in order to measure their compliance. Performing a Gap analysis […]