Compliance is an important consideration for many organizations, including government contractors and healthcare providers. Rimstorm provides security services that will ensure compliance with CMMC, NIST 800-171 or HIPAA. Contact us today to have one of our compliance experts evaluate your needs.
The Department of Defense has made it clear to defense contractors that cybersecurity must be significantly improved. Towards this end, the CMMC Framework and maturity levels were released on January 30, 2020. DoD will soon require defense contractors to be CMMC certified in order to be considered for a contract. The first RFPs to include these new requirements are expected to be issued in the third quarter of 2020.
How can you prepare for these certification requirements? One important first step is a gap analysis through our CMMC Cybersecurity Review. Deficiencies will be identified and recommendations will be provided to obtain the desired level of certification.
National Institute of Standards and Technology’s (NIST) Special Publication (SP) 800-171 outlines cybersecurity-related requirements for government contractors. The U.S. Department of Defense (DOD) published a three-page interim rule to the Defense Federal Acquisition Regulation Supplement (DFARS) that took effect for any contracts originating after December 31, 2017.
These requirements protect the confidentiality of Controlled Unclassified Information (CUI) in non-federal systems and organizations. If you are a government contractor, failure to meet these requirements will result in the loss of your contract.
What are the consequences of not achieving NIST 800-171 compliance?
As of January 1, 2018, government contractors are expected to have implemented the requirements of NIST 800-171. If an audit determines that the requirements of NIST 800-171 have not been met, consequences may include criminal, civil, administrative, or contract penalties, including termination of contracts.
The Health Insurance Portability and Accountability Act (HIPAA) regulation applies to health care organizations that exchange and store patient information. HIPAA regulations were established to protect the integrity of patient information, and compliance is intended to secure health information against unauthorized use, theft or disclosure.
As part of the requirements, HIPAA states that a security management process must exist in order to protect against “attempted or successful unauthorized access, use, disclosure, modification, or interference with system operations”. Further, an organization must be able to monitor, report and alert on attempted or successful access to systems and applications that contain sensitive patient information.