Cybersecurity Conference Addresses Defense Supplier Requirements
March 27, 2018
(Rocky Hill, CT, March 21, 2018) – CONNSTEP, Inc., in conjunction with BlumShapiro Consulting, held a cybersecurity conference for manufacturers in Connecticut who conduct business as a prime or subcontractor for the U.S. Department of Defense. All defense-related tiered suppliers must be compliant with the Defense Acquisition Regulation Supplement (DFARS). The requirements are detailed in the National Institute of Standards and Technology (NIST) Special Publication 800-171.
Jeff Orszak, Technology and Innovation Manager at CONNSTEP, presented a three-step approach for assessing an organization's information systems to assure DFARS compliance, which included a System Security Plan, a Security Assessment Report, and a Plan of Action.
Clause 252.204-7012 of the DFARS requires defense contractors and subcontractors to do the following:
1. Provide adequate security to safeguard covered defense information that resides on or is transiting through a contractor’s internal information system or network.
2. Report cyber incidents that affect a covered contractor information system or the covered defense information residing therein, or that affect the contractor’s ability to perform requirements designated as operationally critical support.
3. Submit malicious software discovered and isolated in connection with a reported cyber incident to the DOD Cyber Crime Center.
4. If requested, submit media and additional information to support damage assessment.
5. Flow down the clause in subcontracts for operationally critical support, or for which subcontract performance will involve covered defense information.
BlumShapiro Consulting presented Security Incident and Event Monitoring (SIEM) tools to simplify logging, auditing and correlating security events, and to facilitate timely response to incidents. They reviewed compliance tools to auto-generate system security plans, track plans of actions and milestones, and develop core policies and procedures based upon standardized templates, cybersecurity awareness training, and multifactor authentication. They also shared cloud-based and on-premises options for multifactor authentication and cybersecurity awareness training tools to track and assure compliance across an organization.