75th U.S. Army Reserve Innovation Command
Video by Michael Dunbar, Chad Hilton, Douglas Key
Cybersecurity Compliance: An Introduction to DFARS 252.204-7012 and NIST SP 800-171 Requirements
Defense Contract Management Agency
July 20, 2021 | 6:29
A presentation of the concepts related to the regulatory requirements governing contractor cybersecurity and the handling of Controlled Unclassified Information, as well as the process of attaining and demonstrating compliance through assessment.
Glossary of Terms:
DCMA
Defense Contract Management Agency; administering agency of the Defense Industrial Base Cybersecurity Assessment Center
Prime
Prime contractor; works directly with the government, manages any subcontractors, and is responsible for ensuring that the work is completed as defined in the contract
Sub
Subcontractor; supplier, distributor, vendor, or firm that furnishes supplies or services to or for a prime contractor or another subcontractor
Enclave
Section of an internal network, subdivided from the rest of the network, that operates in the same security domain and shares the protection of a single, common, continuous security perimeter
Basic (Contractor Self-Assessment) NIST SP 800-171 DoD Assessment (also referred to as ‘Basic’ or ‘Basic Assessment’)
The Basic Assessment is the Contractor’s self-assessment of NIST SP 800-171 implementation status, based on a review of the system security plan(s) associated with covered contractor information system(s), and conducted in accordance with NIST SP 800-171A….and Section 5 and Annex A of [the NIST SP 800-171 DoD Assessment Methodology].
Medium NIST SP 800-171 Assessment (also referred to as ‘Medium’ or ‘Medium Assessment’)
The Medium Assessment is conducted by DoD personnel who have been trained in accordance with DoD policy and procedures to conduct the assessment...will consist of a review of the system security plan description of how each requirement is met to identify any descriptions which may not properly address the security requirement. (see NIST SP 800-171 DoD Assessment Methodology)
High (On-Site or Virtual) NIST SP 800-171 DoD Assessment (also referred to as ‘High’ or ‘High Assessment’)
The High Assessment, conducted by DoD personnel who have been trained in accordance with DoD policy and procedures to conduct the assessment, requires a thorough on-site or virtual verification/examination/demonstration of the Contractor’s system security plan and implementation of the NIST SP 800-171 security requirements. (see NIST SP 800-171 DoD Assessment Methodology)
Resources:
Supplier Performance Risk System (SPRS)
https://www.sprs.csd.disa.mil/
OUSD(A&S) Strategically Assessing Contractor Implementation of NIST SP 800-171 site
https://www.acq.osd.mil/dpap/pdi/cyber/strategically_assessing_contractor_implementation_of_NIST_SP_800-171.html
NIST SP 800-171 Rev. 2
https://csrc.nist.gov/publications/detail/sp/800-171/rev-2/final
NIST SP 800-171A
https://csrc.nist.gov/publications/detail/sp/800-171a/final
DoD Procurement Toolbox – Cybersecurity in DoD Acquisition Regulations
https://dodprocurementtoolbox.com/site-pages/cybersecurity-dod-acquisition-regulations
**LATEST VERSIONS AS OF THE TIME OF VIDEO PUBLICATION.**
Tags
Defense Contract Management Agency
dcma
DIBCAC
Defense Industrial Base Cybersecurity Assessment Center
NIST SP 800-171