Due to increased concerns about cyberattacks, any manufacturer, either an OEM or tiered supplier, contractually doing business with the Department of Defense (DoD), General Services Administration (GSA) or NASA must be DFARS compliant with defined cybersecurity requirements as of December 31, 2017.
Join Polaris MEP for breakfast to learn about DFARS (NIST Special Publication 800-171) and understand its cybersecurity requirements and their impact on your company.
No business is too small to be hacked. More than 70 percent of reported breaches actually affected businesses with 100 or fewer employees. Having a sustainable plan in place is therefore critical to the survival of a small business, because one cyberattack can be catastrophic.
Some facts shared by the Michigan Manufacturing Technology Center help illustrate the severity of this issue:
Knowing this, government agencies are requiring their contractors to meet certain cybersecurity requirements. What may have been a “down the road” priority has become a “better do it now” priority for contractors nationwide, including vendors doing business with the Department of Defense (DoD).
The requirements detailed by the National Institute of Standards and Technology (NIST) in Special Publication 800-171 carry a compliance deadline of December 31, 2017; contractors that miss it risk losing federal contracts.
With the deadline fast approaching, we’re finding most Rhode Island manufacturers, regardless of tier, aren’t even aware of the impending date or what they must do to comply.
The biggest thing to note is that the DoD Chief Information Officer must now be notified, within 30 days of contract award, of any security requirements not implemented by the contractor at the time, including cybersecurity compliance. In other words, if contractors don’t have proof of compliance, they risk removal from the approved DoD vendor list.