DFARS Compliance Solutions
Flexible Data Security and Regulatory Compliance Solutions for Your Business
Safeguarding of Unclassified Controlled Technical Information (UCTI)
Cybersecurity attacks on the aerospace and defense industries are ever increasing, resulting in a new security clause requirement for all new DoD contracts and subcontracts: DFARS clause 252.204-7012, to safeguard Unclassified Controlled Technical Information (UCTI).
Two Main Compliance Components of DFARS 252.204-7012
- DoD and its contractors and subcontractors must provide adequate security to safeguard DoD unclassified controlled technical information resident on or transiting through their unclassified information systems from unauthorized access and disclosure.
- Contractors must report to DoD certain cyber incidents that affect the protected.
What is the definition of UCTI?
Controlled technical information is defined as technical data or computer software (as defined in DFARS 252.227-7013) with military or space application that is subject to controls on the access, use, reproduction, modification, performance, display, release, disclosure, or dissemination. The clause further specifies that controlled technical information is to be marked with one of the distribution statements B through F, in accordance with DoD Instruction 5230.24, Distribution Statements on Technical Documents, available at http://www.esd.whs.mil/DD/
Phase I: Scoping and Readiness Assessment
- Assessing your environment for all origins of unclassified “controlled technical information”, which includes examining all data flow lifecycles, relevant information systems, personnel, third-party entities, and other critical subject matter.
- Comprehensive review of all DFARS UCTI information security policies and procedures, and their supporting processes and practices, as mandated within NIST SP 800-171. Specifically, this includes examining all relevant cybersecurity and operational internal controls and processes, both those applicable to DFARS UCTI and those that reflect best practices.
- Identifying all critical gaps and deficiencies, from policy documentation to actual process improvements and more, that must be addressed for DFARS UCTI compliance.
Phase II: Remediation
- Developing highly customized, well-written, and comprehensive information security and operations-specific policies, procedures, and other applicable DFARS UCTI mandated documentation.
- Working with organizations to ensure all necessary processes and practices are also implemented and aligned with the newly developed policy documentation.
- Ensuring a true “cultural change” takes place so that all new policy documentation and practices are adopted as necessary.
- Outlining a Plan of Action and Milestones (POA&M) for tracking mitigation of cybersecurity program and system-level findings and weaknesses.
A Message from Bill Smith
Our agents are highly trained in their respective fields; licensed, bonded and insured, and possess the requisite requirements of at least ten years of senior level management experience, primarily with federal law enforcement agencies. Our firm is the security consulting firm for the State of Connecticut and provides discreet, confidential investigative, security and forensic services for a number of Fortune 500 companies.
Contact us by telephone at 866-629-3757 or e-mail with questions or specific service requests. We look forward to hearing from you.