[email protected] / www.assentcompliance.com / 1 866 964 6931 / © Assent Compliance 2017 1
Thank you for registering for today’s webinar! The presentation will begin shortly.
Thank you for your patience and we hope you enjoy the webinar!
Department of Defense NIST Requirement: The Deadline is Approaching
Today’s Presenters
Travis Miller, General Counsel, Assent Compliance
Agenda
1 Introduction to Assent
2 Due Diligence in DFARS
3 DFARS Focus on NIST Cybersecurity
4 The POA&M and SSP
5 Supply Chain Elements
6 Questions
Introduction to Assent
Assent Product Suites
Our Market Leading Platform
Corporate Social Responsibility
Product Compliance
Vendor Management Inspections
Assent Works with 40% of S&P 500 Product Companies
Overview
300,000 Supplier Companies
Global Footprint
A Partner You Can Grow With
Due Diligence in DFARS
Background: What Are DFARS Flow-Downs?
Background: What Does This Mean?
Changing Norms
The DFARS Flow-Downs Changing the Game
Challenges & Coping Mechanisms
Challenges:
Coping Mechanisms:
The Result
DFARS Focus on NIST Cybersecurity
Cybersecurity Driver
Safeguarding Covered Defense Information and Cyber Incident Reporting (October 2016)
Why Does It Exist?
Cybersecurity in a Nutshell
DFARS 252.204-7012.ii.A requires IT support and vendors to gather evidence of supply chain compliance by December 31, 2017.
How Do You Comply?
DFARS Cybersecurity Requirements
December 31, 2017
What is DFARS 252.204-7012?
How Does a Covered Contractor System Show Compliance?
1 Office of the Under Secretary of Defense for Acquisition, Technology and Logistics. (2016). Defense Federal Acquisition Regulation Supplement (DFARS) and Procedures, Guidance, and Information (PGI). Retrieved from https://www.acq.osd.mil/dpap/dars/dfars/html/current/252204.htm#252.204-7012
Internal Documents: The POA&M and SSP
What is a POA&M?
December 31, 2017
When is a POA&M Created?
What Should My POA&M Contain?
What Is an SSP?
When Is an SSP Created?
What Goes in an SSP?
Supply Chain Elements
Cybersecurity Standards Prompt Due Diligence
In English...
How Is Industry Administering This Obligation?
There Are Two Mechanisms to Administer This
Upcoming Events: Webinars & Conferences
Learn more about Assent events: www.assentcompliance.com/events
[Webinar] Introduction to Food Contact, Wednesday, December 13 | 11 AM ET
[Webinar] 12 Days of Compliance, Wednesday, December 13 | 2 PM ET
Upcoming Conferences
SAN DIEGO, FEB 14-15, 2018
www.assentsummitseries.com
Questions/Discussion
Conclusion