Subject: DoD Compliance: DFARS 252.204-7012 / NIST 800-171
The Challenge:
Faced with new DoD cybersecurity requirements, over 75 federal contractors have relied upon Sentar’s governance and compliance experts to assess their cybersecurity posture, define solutions to existing vulnerabilities, and develop the necessary policies, plans, and procedures to achieve compliance on a fast-paced schedule. Our clients were challenged by a lack of time, insufficient confidence in their own staff, and concerns over financial and productivity impacts. But confusion over the evolving regulations constituted the biggest challenge, as the implemented DFARS language varied by contract, and the NIST-171 standards were written vaguely and open to multiple interpretations. Business leaders therefore determined that the risk of relying entirely on their own staff was untenable, regardless of the size of the organization, and opted to use Sentar’s proven solutions to achieve auditable compliance.
The Solution:
Sentar’s experts formulate accurate cost and schedule estimates for each compliance project in a matter of hours based upon brief client conversations. For each project, we create a cost-effective compliance portal for clients to manage implementations and steps toward compliance. Sentar’s Quality Management System is used to review individual analyst notes, concerns, and findings for each client, with peer and executive reviews for all deliverables. Because Sentar is an accredited Cybersecurity Inspection Body (CIB), each client benefits from our cumulative experience and receives Best Practices Plans, Policies and Procedures appropriate for small, medium, and enterprise clients. These document kits are designed for easy and immediate implementation. Client IT staff matched their system configurations to our kits, or customized them with help from Sentar experts who provide answers within hours of inquiry, saving thousands of dollars on customization. For small businesses that could not meet the NIST-171 requirements, Sentar created Cyber Faraday Cage (CFC) concept designs that provide those clients with a roadmap, a bill of materials, and the matching Best Practices document kit for a “single seat compliance” solution.
The Mission Impact:
• Improved Cybersecurity for National Defense:
Sentar has helped improve the cybersecurity posture of over 75 DoD contractors in a range of industries including shipping, aerospace, missile defense, utilities, weapons manufacturing, and Intelligence. Clients have included American States Utility Services, American Water, BAE Systems, Donaldson Company, Dun & Bradstreet, Hornbeck Offshore, M.C. Dean, Spirit Aerosystems, Katmai, Tencate Materials, Toray Composites, and Tynoek.
• Reduced Business Risk:
Our clients typically achieved their DFARS 252.204-7012 compliance within four weeks of the initial phone call, and the vast majority obtained their NIST 800-171 compliance within a few months. Multiple clients have been audited by the DCMA and DCSA with 100% pass rates, and auditors have recognized our work as the “Gold Standard” held up for others to follow.