Cybersecurity Self-Assessment Resource
Download this resource to measure your appetite for cyber risk and to gauge your current cybersecurity status.
Make sure you understand your contract. Does it specify that you will be handling, processing, or storing CUI? Do you understand why CUI is a part of your contract? If not, make sure to ask your contracting officer for details.
Isolate CUI as much as you can and also make sure employees who have access to CUI truly need to have that access. This will help define and limit your assessment scope.
Even though you may not have a large team, make sure a leader is assigned who is responsible for staying abreast of new cybersecurity compliance rules and regulations.
Understand your company’s appetite for cybersecurity risk. You can use our resource to help you see where your strengths and weaknesses are currently.
When choosing a tool to help you on your compliance journey, look for an auditor module, all NIST SP 800-171 controls, the ability to store policies and evidence, and a link between controls/objects with policies and evidence files.
Consider the 4 W’s when using an ERP with CUI: where is your CUI, who has access to your CUI, what data is being stored, and why is the data there?
Don’t overdo encryption. Consider whether your data truly needs to be encrypted. While encryption can be highly beneficial, it can also be risky if keys are misplaced or personnel change.
If you can, remove CUI from a specialized asset (like a machine connected to the Internet of Things (IoT)).
Consider pursuing ISO 27001 certification while pursuing your CMMC certification. Watch this ISO 27001 webinar to learn more.
What questions do you have that have not been answered here? Let us know and we will cover them in a future blog post or webinar.