There is a lot going on in the DFARS procurement world lately. As government contractors and government contract officers, it behooves us to stay focused on this critical part of procurement. Two little-talked-about rules were added to the DOD proposed rules in September 2020. Both rules relate to how NIST 800-171 will be used moving forward to provide greater security with respect to supply chains.
So, the big question is: what does your supply chain look like and how are you protected? Even more importantly, are you the weak link in your supply chain as it relates to your suppliers and your DOD and other government contracts? The leading IT think tank Gartner Group has said that 60% of companies nationwide use the security of a supplier as a critical determining factor in whether they will do business with them or not.
When we work with suppliers we know and trust, we will be able to be more effective and more integrated. We will be able to apply our systems in a more concerted and holistic fashion.
These Rule Changes Can Be Significant
The first rule change makes NIST 800-171 a required, objective assessment of a contractor’s implementation status. Currently, most contractors have not even begun a basic evaluation. Studies show that fewer than 60% of companies have even read the DFARS requirement.
The other rule change is that SPRS will go from a limited role for simple acquisitions to being required on all solicitations for supplies and services, including commercial items. So, the next question is: how far has your supplier gone in preparing for the latest NIST 800-171 compliance?
Armedia is Ahead of the Game
As a government contracting officer, when you are looking for a value-added supplier, you want to know up front that they have already done the work of securing their environment. You want the peace of mind of knowing you can focus on the contract task at hand and not have to worry about the security of your supply chain. Armedia has already done this assessment. Armedia has also completed a CMMC Level 1 self-assessment and is preparing for ISO 27001 early next year. Once again, Armedia is ahead of the game.
Armedia has already performed a full NIST 800-171 internal audit and self-assessment, meaning Armedia has already provided all the required documentation and reviewed all security procedures and processes to ensure compliance with their 800-171 requirements. How many other vendors do you deal with on a daily basis that have done this? This is a process that many other vendors still struggle with.
Some of the advanced cybersecurity features that Armedia has implemented:
- Implementation of advanced IDS/IPS capability for scanning for security vulnerabilities.
- Use of advanced security technology for managing threats and logs with Splunk SIEM technology.
- Advanced role-based security training for all levels in the organization.
- An advanced and separated change management system to maintain integrity of process.
- Use of DISA and STIG baseline checklist requirements.
- Use of multifactor authentication technologies.
As you can see, there is a considerable amount of work that has been done before these requirements are laid down in stone and forced on the vendors. This makes the CO’s job much easier and the supply chain that much safer.