As of December 31, defense contractors that maintain Controlled Unclassified Information must meet DFARS cybersecurity standards or risk losing their contracts. To comply with the new cybersecurity standards, contractors and suppliers have to meet key requirements, most notably implementing controls from the National Institute of Standards and Technology.

Scott Schlimmer of consulting firm CyberSaint Security and Bill Brennan of Leidos write about what compliance involved at Leidos and at various CyberSaint clients.

At Leidos, compliance required changes to policies, procedures, services and, in some cases, IT and security infrastructures. Some of the work involved updating documentation, while other parts required new cyber defense tools.

By contrast, one prospective CyberSaint client stated that his company was considering not implementing any of the DFARS cybersecurity requirements and was content to just “see what happens.” Schlimmer does not recommend this approach.

More at Federal News Radio