Practical Advice or Practical Magic for CUI/DFARS

Many contractors that are currently working with defense or federal organizations are completely overwhelmed by the multiple requirements and standards that need to be met prior to the Controlled Unclassified Information (CUI) December 2017 deadline. Some contractors have only just recognized this requirement. Others are struggling with the tight timeline and their internally constrained resources, and many are still facing unique questions specific to their business and its mission. Finally, there are those that are seeking practical advice as well as some magic.

Recently, EmeSec published a second e-book, titled #SimplifyCUI: Countdown to Compliance.

This second e-book was written specifically for those companies realizing the deadline at the last minute and looking to put their best foot forward to meet the requirements. Countdown to Compliance focuses on practical tips for meeting the CUI and Controlled Technical Information (CTI) requirements of FARS and DFARS by the looming December 2017 deadline or within 30 days of a new contract award.

EmeSec recognizes that CUI and DFARS 7012 compliance is especially challenging for privately held companies, small businesses, and those organizations that do not have large information technology departments. Many “conventional” thinkers and established consultants seem to push forward technologies to solve compliance gaps, but this approach often ends up costing more in the short and long term. Often these are one-size-fits-all solutions that seek to establish “best practices,” which may or may not be a euphemism for more spending. What’s more, accomplishing the requirements is often a process that requires customized and adaptable strategies and reviews of business processes, personnel policies, and overall technology usage, in addition to IT solutions.

Another point that off-the-shelf solutions miss is that most small and medium-sized businesses (SMBs) have CEOs and IT leaders charged with expanding (digital) services and growing revenue while trying to meet consistently evolving cyber and compliance requirements. In particular with CUI and DFARS 7012, EmeSec has found that our SMB customers struggle most with the technical and operational requirements such as audit logging, network monitoring, vulnerability scanning, and trusted insider issues.

Enterprise solutions for these technical and operational requirements are available, often in modular formats, which is helpful, but the price points are based on larger organizational budgets. For example, sales engineers often eagerly suggest a monthly number consisting of 4 digits. The perception is that the SMB has no alternative except hiring more labor or leaving the marketplace.

At EmeSec, we have spent a large part of the past year helping our customers look for, pilot, and address both the costs of compliance and new solutions without compromising effectiveness or their end goal. Our #SimplifyCUI subscription service, which has been nationally recognized by the Golden Bridge Awards and the American Business Association as a leading security service, is about finding new solutions at more affordable price points.

To supplement our strategic guidance with rapid implementation capability, EmeSec has been evaluating a tool that we’ve promoted to some of our clients where it has made sense based on the size, infrastructure architecture, and corporate due diligence process and capabilities of the organization.

This product is the NeQter Labs Core Module. The product delivers consolidated security control capabilities at a flat rate, with the ability to gain a breadth of operational services to meet specific security controls at the flip of a switch. The tool includes metrics and can serve networked devices in an easy install, monitor, and alert methodology.

There’s still time to evaluate other suitable products, but this early adopter of the requirements at its price point (Call them) is worth an evaluation. No solution is a silver bullet, but for the SMBs I know tackling CUI and DFARS, this is a practical solution that’s practically magic!

We liked it, we are using it, and we would like to hear how it works for you.

Maria C. Horton

Contact EmeSec at info@emesec.net to find out how best to keep from falling behind or how to prioritize your issues for meeting both your internal deadlines and the external compliance deadlines. We craft custom strategies to help SMBs stay ahead of security and compliance requirements and protect their growth engines (revenue).