The Pell Center at Salve Regina University, in collaboration with NeQter Labs – a Division of McLaughlin Research Corp. – and the Southeastern New England Defense Industry Alliance (SENEDIA), will host a special event today (December 6, 2017) for defense contractors and subcontractors to discuss how to approach and implement the National Institute of Standards and Technology (NIST) Special Publication (SP)800-171 requirements in their organization.
The US Department of Defense (DoD) has given guidance for compliance requirements for selected elements of Defense Federal Acquisition Regulation Supplement (DFARS) Clause 252.204-7012 “Safeguarding Covered Defense Information and Cyber Incident Reporting.” This requires businesses providing services or products to DoD to provide “adequate security” for covered defense information that is processed, stored, or transmitted on the business’s internal information system or network. To provide adequate security, the contractor must, at a minimum, implement NIST (SP) 800- 171, “Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations,” no later than December 31, 2017.
Like others across the country, Rhode Island’s defense industry, which contributes about $3.7 billion each year to the state’s economy, faces a looming December deadline to comply. Dr. Ronald Ross, Fellow at NIST and author of this Special Publication, will discuss the content of these new NIST SP800-171 requirements and how they can be implemented as part of an organization’s overall cybersecurity and risk management programs.
In addition, a panel of renowned experts and industry practitioners will help demystify some of the common misconceptions, share best practices, and discuss continuing compliance and incident response. Whether an organization has just begun on its path, or is well on their way to compliance, this event will help them address the many questions that arise during the process.
“This event is a unique opportunity for companies who have to implement these requirements to assess the scope of what they need to do, understand their minimum requirements for meeting the 31 December deadline, and get insight into resources that can help them in this endeavor. This effort is more than just meeting a requirement, it establishes good business practices that will provide an effective risk management process for companies,” said Molly Donohue Magee, SENEDIA’s Executive Director.
The morning’s discussion will be followed by an optional hands-on workshop to delve deeper into specific elements of the document.