The Defense Cybersecurity Assurance Program (DCAP) supports defense contractors across the supply chain by offering expert cybersecurity training, consulting services and technical assistance. Additionally, a limited amount of grant funding is available for qualifying defense suppliers that need assistance in becoming compliant with DFARS 252.202-7012 (Safeguarding Covered Defense Information and Cyber Incident Reporting) using the NIST SP 800-171 (Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations) security guidelines.
Compliance with this Defense Federal Acquisition Regulation is a mandatory requirement for defense contractors who receive Controlled Unclassified Information (CUI).
This seminar includes informational sessions that describe DoD cyber contracting regulations and requirements, resources, and practical tools that your business can use to meet the requirements.
When registering, you have the option to choose which Track of training you feel is best for your situation:
- Attendees should attend Track 1 to learn about the DoD cyber contracting regulations, get an overview of the NIST cybersecurity controls, learn about free self-assessment tools/resources and get an introduction to cyber providers who can help them.
- Attendees should attend Track 2 if they have started a System Security Plan (SSP), developed a Plan of Action and Milestones (POA&M) to close gaps to NIST SP 800-171 and they have an Incident Response Plan (IRP). The leader of this group will answer detailed questions regarding NIST 800-171 controls and describe how those controls can be met at your business.
May 12, 2020 – 8:30am – 4:30pm EST
Purdue University Fort Wayne
Walb Student Union
Fort Wayne, IN 46805
Specific Topics Covered at this Seminar in Track 2
3.8 Media Protection
Media protection is a requirement that addresses the defense of system media, both digital and non-digital. Examples of digital media include diskettes, magnetic tapes, external/removable hard disk drives, flash drives, compact disks, and digital video disks. Examples of non-digital media include paper and microfilm. Media protections can restrict access so that media is available to authorized personnel only, apply security labels to sensitive information, and provide instructions on how to remove information from media so that the information cannot be retrieved or reconstructed.
3.9 Personnel Security
Users play a vital role in protecting a system, as many important issues in information security involve users, designers, implementers, and managers. How these individuals interact with the system and the level of access they need to do their jobs can also impact the system’s security posture. Almost no system can be secured without properly addressing these aspects of personnel security. Personnel security seeks to minimize the risk that staff (permanent, temporary, or contractor) pose to company assets through the malicious use or exploitation of their legitimate access to the company’s resources.
3.10 Physical Protection
Examples of physical and environmental requirements include: physical access authorizations, physical access control, monitoring physical access, emergency shutoff, emergency power, emergency lighting, alternate work site, information leakage, and asset monitoring and tracking. Companies should limit physical access to systems, equipment, and the respective operating environments to authorized individuals, protect the physical plant and support infrastructure for systems, provide supporting utilities for systems, protect systems against environmental hazards, and provide appropriate environmental controls in facilities containing systems.