Your Fast Track to Compliance
WHAT IS CUICK TRAC™?
A cost-effective, security engineered, turn-key FULLY COMPLIANT solution for storing, processing and transmitting CONTROLLED UNCLASSIFIED INFORMATION (CUI).
WHAT IS DFARS / NIST SP 800-171?
The Defense Federal Acquisition Regulation Supplement (DFARS) to the Federal Acquisition Regulation (FAR) is administered by the Department of Defense (DoD). The DFARS implements and supplements the FAR. The DFARS contains requirements of law, DoD-wide policies, delegations of FAR authorities, deviations from FAR requirements, and policies/procedures that have a SIGNIFICANT effect on the public. The DFARS should be read in conjunction with the primary set of rules in the FAR. See also the suggested search for "Government Contracts."
To satisfy the DFARS mandate, organizations need to comply with the NIST SP 800-171 Rev. 1 controls.
WHY IS IT BECOMING
DEADLINE HAS PASSED
Deadline to comply was Dec 31, 2017
By law, CUI has to be protected, along with proof of ongoing compliance
LACK OF BANDWIDTH
Federal contractors lack the bandwidth and resources to achieve compliance on their own
HOW IS CUICK TRAC™ HELPING?
Avg. days to compliance
MEETS 110 CONTROLS
OVER 14 FAMILIES
FULFILL & MAINTAIN CONTRACTS
Win more contracts by proving DFARS compliance
HOW ARE ORGANIZATIONS USING CUICK TRAC™?
Sub-contractors use CUICK TRAC™ to achieve compliance in a matter of days, for a fraction of the cost of doing it themselves, so they can prove ongoing compliance to their primes.
The DFARS 252.204-7012 clause says that you shall implement NIST SP 800-171 no later than Dec 31, 2017. Since this deadline has passed, you are now at risk of non-compliance if you have not implemented the requirements. Organizations need a risk-based approach to handling, storing and controlling access to CUI.
NIST SP 800-171 is the National Institute of Standards & Technology (NIST) special publication providing 110 recommended security controls for protecting the confidentiality of CUI (Controlled Unclassified Information – a subset of CDI).
Controlled Unclassified Information (CUI) refers to unclassified information that is to be protected from public disclosure. The CUI designation replaces "sensitive but unclassified" and other similar control markings.
CUICK TRAC™’s purpose is to help businesses that currently work with, or want to work with, the federal government become fully compliant with the DFARS / NIST 800-171 requirements. It caters well to businesses that lack the bandwidth and resources to implement and manage the required controls. Those businesses need a low-cost solution that can be implemented in a short amount of time. If CUICK TRAC™ isn’t the right solution, Beryllium InfoSec Collaborative can provide other services to help organizations become, and stay, DFARS compliant.
The Federal government. By law, businesses handling Controlled Unclassified Information (CUI) are required to become and stay DFARS / NIST 800-171 compliant, and to prove that compliance, in order to be awarded and keep federal government contracts. Also, primary contractors have the right to ask for proof of compliance before selecting sub-contractors.
No. Our goal, always, is to work with as many of your current business processes as possible. Disruption to your business is detrimental, so a collaborative approach will be key with regard to how CUI data is collected, stored and accessed.
No. If you know you aren’t compliant, focus on the solution. Once CUICK TRAC™ gets you DFARS compliant in a short period of time, you can develop your Plan Of Action and Milestones (POAM) about how you’re going to stay compliant. This is included with CUICK TRAC™. If someone asks you for proof, you’ll have it.
No, CUICK TRAC™ is not software. It’s a hosted solution/controlled environment that keeps your CUI data secure. Thus no FedRAMP approval is required.
Yes. Under the DFARS clause, contractors must report cyber incidents within 72 hours of them happening. That’s a difficult thing to accomplish if your business doesn’t have the personnel or resources to always be monitoring your security information and event management solution (SIEM). Not only does CUICK TRAC™ meet this requirement, it also voluntarily reports unsuccessful attacks so federal authorities can analyze the data to help prevent future attack vectors.
Organizations that fail to prove compliance will face fines and/or loss of contracts. Nobody wins in this situation, which is why CUICK TRAC™ was created.