[email protected] / www.assentcompliance.com / 1 866 964 6931 / © Assent Compliance 2017

Department of Defense NIST Requirement: The Deadline is Approaching

Jan 21, 2018

Transcript
Page 1: Department of Defense NIST Requirement: The Deadline is Approaching

Thank you for registering for today’s webinar! The presentation will begin shortly.

Thank you for your patience and we hope you enjoy the webinar!

Department of Defense NIST Requirement: The Deadline is Approaching

Page 2: Department of Defense NIST Requirement: The Deadline is Approaching

Department of Defense NIST Requirement: The Deadline Is Approaching

Page 3: Department of Defense NIST Requirement: The Deadline is Approaching

Today’s Presenters

Travis Miller, Assent Compliance, General Counsel

Page 4: Department of Defense NIST Requirement: The Deadline is Approaching

Agenda

1 Introduction to Assent

2 Due Diligence in DFARS

3 DFARS Focus on NIST Cybersecurity

4 The POA&M and SSP

5 Supply Chain Elements

6 Questions

Page 5: Department of Defense NIST Requirement: The Deadline is Approaching

Introduction to Assent

Page 6: Department of Defense NIST Requirement: The Deadline is Approaching

Assent Product Suites: Our Market Leading Platform

Corporate Social Responsibility

Product Compliance

Vendor Management Inspections

Page 7: Department of Defense NIST Requirement: The Deadline is Approaching

Assent Works with 40% of S&P 500 Product Companies

Overview

300,000 Supplier Companies

Global Footprint

A Partner You Can Grow With

40%

300k

Page 8: Department of Defense NIST Requirement: The Deadline is Approaching

Due Diligence in DFARS

Page 9: Department of Defense NIST Requirement: The Deadline is Approaching

Background: What Are DFARS Flow-Downs?

Page 10: Department of Defense NIST Requirement: The Deadline is Approaching

Background: What Does This Mean?

Page 11: Department of Defense NIST Requirement: The Deadline is Approaching

Changing Norms

Page 12: Department of Defense NIST Requirement: The Deadline is Approaching

The DFARS Flow-Downs Changing the Game

Page 13: Department of Defense NIST Requirement: The Deadline is Approaching

Challenges & Coping Mechanisms

Challenges:

Coping Mechanisms:

Page 14: Department of Defense NIST Requirement: The Deadline is Approaching

The Result

Page 15: Department of Defense NIST Requirement: The Deadline is Approaching

DFARS Focus on NIST Cybersecurity

Page 16: Department of Defense NIST Requirement: The Deadline is Approaching

Cybersecurity Driver

Safeguarding Covered Defense Information and Cyber Incident Reporting (October 2016)

Why Does It Exist?

Page 17: Department of Defense NIST Requirement: The Deadline is Approaching

Cybersecurity in a Nutshell

DFARS 252.204-7012.ii.A requires IT support and vendors to gather evidence of supply chain compliance by December 31, 2017.

How Do You Comply?

Page 18: Department of Defense NIST Requirement: The Deadline is Approaching

DFARS Cybersecurity Requirements

December 31, 2017

Page 19: Department of Defense NIST Requirement: The Deadline is Approaching

What is DFARS 252.204-7012?

Page 20: Department of Defense NIST Requirement: The Deadline is Approaching

How Does a Covered Contractor System Show Compliance?

1 Office of the Under Secretary of Defense for Acquisition, Technology and Logistics. (2016). Defense Federal Acquisition Regulation Supplement (DFARS) and Procedures, Guidance, and Information (PGI). Retrieved from https://www.acq.osd.mil/dpap/dars/dfars/html/current/252204.htm#252.204-7012

Page 21: Department of Defense NIST Requirement: The Deadline is Approaching

How Does a Covered Contractor System Show Compliance?

Page 22: Department of Defense NIST Requirement: The Deadline is Approaching

Internal Documents: The POA&M and SSP

Page 23: Department of Defense NIST Requirement: The Deadline is Approaching

What is a POA&M?

December 31, 2017

Page 24: Department of Defense NIST Requirement: The Deadline is Approaching

When is a POA&M Created?

Page 25: Department of Defense NIST Requirement: The Deadline is Approaching

What Should My POA&M Contain?

Page 26: Department of Defense NIST Requirement: The Deadline is Approaching

What Should My POA&M Contain?

Page 27: Department of Defense NIST Requirement: The Deadline is Approaching

What Should My POA&M Contain?

Page 28: Department of Defense NIST Requirement: The Deadline is Approaching

What Should My POA&M Contain?

Page 29: Department of Defense NIST Requirement: The Deadline is Approaching

What Should My POA&M Contain?

Page 30: Department of Defense NIST Requirement: The Deadline is Approaching

What Is an SSP?

Page 31: Department of Defense NIST Requirement: The Deadline is Approaching

When Is an SSP Created?

Page 32: Department of Defense NIST Requirement: The Deadline is Approaching

What Goes in an SSP?

Page 33: Department of Defense NIST Requirement: The Deadline is Approaching

Supply Chain Elements

Page 34: Department of Defense NIST Requirement: The Deadline is Approaching

Cybersecurity Standards Prompt Due Diligence

Page 35: Department of Defense NIST Requirement: The Deadline is Approaching

Cybersecurity Standards Prompt Due Diligence

Page 36: Department of Defense NIST Requirement: The Deadline is Approaching

In English...

Page 37: Department of Defense NIST Requirement: The Deadline is Approaching

How Is Industry Administering This Obligation?

Page 38: Department of Defense NIST Requirement: The Deadline is Approaching

There Are Two Mechanisms to Administer This

Page 39: Department of Defense NIST Requirement: The Deadline is Approaching

Upcoming Events: Webinars & Conferences

Learn more about Assent events: www.assentcompliance.com/events

[Webinar] Introduction to Food Contact: Wednesday, December 13 | 11 AM ET

[Webinar] 12 Days of Compliance: Wednesday, December 13 | 2 PM ET

Upcoming Conferences

SAN DIEGO, FEB 14-15, 2018

www.assentsummitseries.com

Page 40: Department of Defense NIST Requirement: The Deadline is Approaching

Questions/Discussion

Conclusion
