Page 1
[email protected] / www.assentcompliance.com / 1 866 964 6931 / © Assent Compliance 2017 1
Thank you for registering for today’s webinar! The presentation will begin shortly.
Thank you for your patience and we hope you enjoy the webinar!
Department of Defense NIST Requirement: The Deadline is Approaching
Page 2
Department of Defense NIST Requirement: The Deadline Is Approaching
Page 3
Today’s Presenters
Travis Miller, Assent Compliance, General Counsel
Page 4
Agenda
1 Introduction to Assent
2 Due Diligence in DFARS
3 DFARS Focus on NIST Cybersecurity
4 The POA&M and SSP
5 Supply Chain Elements
6 Questions
Page 5
Introduction to Assent
Page 6
Assent Product Suites: Our Market Leading Platform
Corporate Social Responsibility
Product Compliance
Vendor Management Inspections
Page 7
Assent Works with 40% of S&P 500 Product Companies
Overview
300,000 Supplier Companies
Global Footprint
A Partner You Can Grow With
Page 8
Due Diligence in DFARS
Page 9
Background: What Are DFARS Flow-Downs?
Page 10
Background: What Does This Mean?
Page 11
Changing Norms
Page 12
The DFARS Flow-Downs Changing the Game
Page 13
Challenges & Coping Mechanisms
Challenges:
Coping Mechanisms:
Page 14
The Result
Page 15
DFARS Focus on NIST Cybersecurity
Page 16
Cybersecurity Driver
Safeguarding Covered Defense Information and Cyber Incident Reporting (October 2016)
Why Does It Exist?
Page 17
Cybersecurity in a Nutshell
DFARS 252.204-7012.ii.A requires IT support and vendors to gather evidence of supply chain compliance by December 31, 2017.
How Do You Comply?
Page 18
DFARS Cybersecurity Requirements
▫ December 31, 2017
Page 19
What is DFARS 252.204-7012?
Page 20
How Does a Covered Contractor System Show Compliance?
1 Office of the Under Secretary of Defense for Acquisition, Technology and Logistics. (2016). Defense Federal Acquisition Regulation Supplement (DFARS) and Procedures, Guidance, and Information (PGI). Retrieved from https://www.acq.osd.mil/dpap/dars/dfars/html/current/252204.htm#252.204-7012
Page 21
How Does a Covered Contractor System Show Compliance?
Page 22
Internal Documents: The POA&M and SSP
Page 23
What is a POA&M?
December 31, 2017
Page 24
When is a POA&M Created?
Page 25
What Should My POA&M Contain?
Page 26
What Should My POA&M Contain?
Page 27
What Should My POA&M Contain?
Page 28
What Should My POA&M Contain?
Page 29
What Should My POA&M Contain?
Page 30
What Is an SSP?
Page 31
When Is an SSP Created?
Page 32
What Goes in an SSP?
Page 33
Supply Chain Elements
Page 34
Cybersecurity Standards Prompt Due Diligence
Page 35
Cybersecurity Standards Prompt Due Diligence
Page 36
In English...
Page 37
How Is Industry Administering This Obligation?
Page 38
There Are Two Mechanisms to Administer This
Page 39
Learn more about Assent events: www.assentcompliance.com/events
[Webinar] Introduction to Food Contact: Wednesday, December 13 | 11 AM ET
[Webinar] 12 Days of Compliance: Wednesday, December 13 | 2 PM ET
Upcoming Conferences
SAN DIEGO, FEB 14-15, 2018
www.assentsummitseries.com
Upcoming Events: Webinars & Conferences
Page 40
Questions/Discussion
Conclusion