- This event has passed.
Webinar: DoD Suppliers – Keeping Up With Changing CUI Cybersecurity Requirements
June 23 @ 11:00 am - 12:00 pmFree
The Department of Defense is changing their cybersecurity requirements for Controlled Unclassified Information (CUI)—again. In this webinar, GENEDGE will provide updates on the latest developments to help your company meet current and future cybersecurity requirements.
Follow here > to view a recording of this webinar.
About this Event:
Join GENEDGE’s Cybersecurity Program Manager as we review the current DFARS 7012 requirement as well as the latest developments on the new Cybersecurity Maturity Model Certification (CMMC) framework.
What is Controlled Unclassified Information (CUI)?
“Covered Defense Information” means unclassified controlled technical information or other information, as described in the Controlled Unclassified Information Registry at http://www.archives.gov/cui/registry/category-list.html, that requires safeguarding or dissemination controls pursuant to and consistent with law, regulations, and Government wide policies, and is:
1) Marked or otherwise identified in the contract, task order, or delivery order and provided to the contractor by or on behalf of DoD in support of the performance of the contract.
2) Collected, developed, received, transmitted, used, or stored by or on behalf of the contractor in support of the performance of the contract.
In 2016 the Department of Defense (DoD), through introduction of DFARS 252.204-7012 developed a requirement for their industrial supply chain companies to develop and implement management systems to safeguard covered defense information and cyber incident reporting. This DFARS clause remains in effect today and is required in ALL DoD contracts AND subcontracts that handle CUI. DFARS 7012 requires the contractor to conduct a cybersecurity assessment, identify any gaps, and have a plan in place to remediate any shortfalls. Compliance is accomplished through self-attestation.
Beginning in 2019, the DoD entered the final stages of development for the next generation of CUI cybersecurity requirements—Cybersecurity Maturity Model Certification (CMMC). The primary changes under this new CMMC framework are 3rd party certification (rather than self-attestation) and tiered levels (1 through 5) that align with program security requirements.
The webinar will also cover programs and events offered by GENEDGE to help Virginia’s business maintain cybersecurity compliance to remain competitive in the government contracting market.
GENEDGE recently completed a second year of the DEFENDCUI-VA program which provided grant funding from the DoD and the Virginia Department of Veteran’s Affairs to help Virginia companies meet the DFARS 7012 requirements and improve their overall cybersecurity posture. GENEDGE has created a waitlist and is accepting applications for the third year of the DEFENDCUI-VA program which, if granted by the DoD, will begin in early 2021.