From: CSO | Opinion
By Gaurav Pal, Contributor
Companies supplying products and services to the US Department of Defense must meet 110 security requirements specified in NIST SP 800-171 or risk losing contract awards through a new set of risk scoring guidelines. The new rules demonstrate the government’s determination to insist on strong cybersecurity practices among its business partners and drive compliance.
The US Department of Defense issued new guidance on how it might penalize business partners that do not adequately adhere to new security rules codified in NIST SP 800-171.
***
3. Continuous monitoring and cybersecurity incident reporting. NIST security best practices and DoD DFARS 7012 require the continuous monitoring of IT systems. This includes implementing a robust logging, monitoring and alerting system. Businesses have 72 hours to report a cybersecurity incident to a DoD entity. Given the need to report cybersecurity incidents, it is essential to implement processes to review logs and analyze anomalous events.