Organizations that fail to prove compliance will face fines and/or loss of contracts. Nobody wins in this situation, which is why CUICK TRAC™ was created.
Yes. Under the DFARS clause, contractors must report cyber incidents within 72 hours of them happening. That’s difficult to accomplish if your business doesn’t have the personnel or resources to continuously monitor your security information and event management (SIEM) solution. Not only does CUICK TRAC™ meet this requirement, it also voluntarily reports unsuccessful attacks so federal authorities can analyze the data to help prevent future attack vectors.
No, CUICK TRAC™ is not software. It’s a hosted solution/controlled environment to keep your CUI data secure, so no FedRAMP approval is required.
No. If you know you aren’t compliant, focus on the solution. Once CUICK TRAC™ gets you DFARS compliant in a short period of time, you can develop your Plan of Action and Milestones (POAM) for how you’re going to stay compliant. This is included with CUICK TRAC™. If someone asks you for proof, you’ll have it.
No. Our goal, always, is to work with as many of your current business processes as possible. Disruption to your business is detrimental, so a collaborative approach will be key to how CUI data is collected, stored and accessed.
The federal government. By law, businesses handling Controlled Unclassified Information (CUI) are required to become and stay DFARS/NIST 800-171 compliant, and to prove that compliance, in order to be awarded and keep federal government contracts. Also, primary contractors have the right to ask for proof of compliance before selecting sub-contractors.
CUICK TRAC™’s purpose is to help businesses that currently work with, or want to work with, the federal government become fully compliant with the DFARS/NIST 800-171 requirements. It caters well to businesses that lack the bandwidth and resources to implement and manage the required controls. Those businesses need a low-cost solution that can be implemented in a short time. If CUICK TRAC™ isn’t the right solution, Beryllium InfoSec Collaborative can provide other services to help organizations become, and stay, DFARS compliant.
Controlled Unclassified Information (CUI) refers to unclassified information that is to be protected from public disclosure. The CUI designation replaces "sensitive but unclassified" and other similar control markings.
The DFARS 252.204-7012 clause says that you shall implement NIST SP 800-171 no later than Dec 31, 2017. Since this deadline has passed, you are now at risk of non-compliance if you have not implemented the requirements. Organizations need a risk-based approach to handling, storing and controlling access to CUI.
NIST SP 800-171 is the National Institute of Standards & Technology (NIST) special publication providing 110 recommended security controls for protecting the confidentiality of CUI (Controlled Unclassified Information – a subset of CDI).