JAMIS Software

Search Icon View Demo

MENUMENU
  • Products
        • JAMIS Prime ERPProduct Overview
          • Project Accounting & FinanceCost Accounting For Government Contractors
          • Time and Expense ManagementTimesheets, Time Off Management, and Expense Reporting
          • Customer Relationship Management (CRM)Opportunity Lifecycle Management
          • Asset ManagementFixed Assets, Depreciation, and Government Property Management
          • Contract ManagementContract Lifecycle Management
          • Business Planning SuiteBid & Proposal, Budgeting, and Forecasting
          • Distribution ManagementRequisitions, Purchasing, and Inventory Management
          • Dashboards & Business IntelligenceReal-time Reporting, Inquiries, & Dashboards
        • JAMIS HCMProduct Overview
          • Human Resources ManagementHR, Recruiting, Onboarding, Benefits, Compensation, and Learning
          • Payroll ManagementDomestic & International Payroll, & Outsourced Tax Services
        • Industry Specific EditionsProduct Overview
          • Manufacturing EditionProject Manufacturing built for federal government contractors
          • Nonprofit EditionGrant management for federally-funded nonprofits.
        • Company Size
          • Small Business
          • Enterprise BusinessScalable and full-featured solutions for mid-to-large organizations.
  • Services
    • Implementation Services & Consulting
    • Customer Support
    • JET - JAMIS Education & Training
    • JAMIS Cloud Services
    • System Customization
  • Resources
        • Get the JAMIS edge in Government Contracting

          JAMIS is a true cloud ERP system that breaks down barriers and helps drive collaboration and knowledge-sharing across your organization, so your people can do what they do best.

          Why JAMIS?
          DCAA Compliance
          Security

          Resources
          • Webinars & Videos mega menu arrow
          • Whitepapers mega menu arrow
          • Prime Insights Blog mega menu arrow
          • Datasheets mega menu arrow
          • Customers mega menu arrow
          FEATURED CONTENT
          JAMIS Prime 7.0 Release

          JAMIS Prime 9.0 Release

          JAMIS Software Corporation announces the launch of Version 9.0, delivering major enhancements in financials, manufacturing, mobility, and cybersecurity to help customers boost efficiency, collaboration, and control.

          Learn more mega menu arrow

  • Events
    • GovCon Webinar Series
  • Company
    • About JAMIS
    • Company News
    • Management Team
    • Partners & Affiliates
    • Careers
    • Office Locations
  • Contact Us

New Cybersecurity Guidance Regarding Unclassified Information for Government Contractors

Posted by JAMIS Software on October 11, 2016

cyberscurityIf you think the government is only concerned about protecting classified information, you can think again.  Recent hacks and breaches have brought on additional executive legislation regarding Controlled Unclassified Information and Improving Critical Infrastructure Security (Executive Order 13556 and 13636 respectively).  In response to these Executive Orders, new guidance has been issued.

  • National Institute of Standards and Technology (NIST) Special Publication 800-171: Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations.
    • This publication gives contractors guidance in implementing security controls and protecting Controlled Unclassified Information.
  • DFAR 252.204-7012: Safeguarding Covered Defense Information and Cyber Incident Reporting.  Additional guidance was also issued in DFAR  204 – 2008, 252.204-2009 and 252.204-7010.
    • DoD issued new guidance in Safeguarding Covered Defense Information and the reporting of Cyber Incidents. These publications also reference NIST SP 800-171.
  • Promised future OMD and additional DFAR issuances regarding Improving Cybersecurity.

You may have noticed the DFAR clauses added to your contracts in recent MODS.

What does this terminology mean?

Below are definitions directly from the publications

Controlled Unclassified Information (CUI):  Any information that law, regulation or government wide policy requires to have safeguarding or disseminating controls, excluding information that is classified under Executive Order 13526.

Covered Defense Information (CDI): Unclassified information that is 1) provided to the contractor by or on behalf of DoD in connection of the performance of the contract or 2) collected, developed, received, transmitted, used, or stored by or on behalf of the contractor in support of the performance of the contract and falls within the categories listed in the clause.

Covered Contractor Information System:  an information system that is owned or operated by or for, a contractor and that processes, stores or transmits covered defense information.

When do these regulations go into effect?

According to DFAR 252.204-7012, “…as soon as practical, but no later than December 31, 2017.”  It goes on to specify that “the Contractor shall notify the DoD CIO… within 30 days of contract award, of any security requirements specified by NIST SP 800-171 not implemented at the time of contract award.”

How could these regulations impact my contracting business?

A breach or cyber incident will require immediate reporting of the breach that occurred.  There could also be termination of existing contracts or decline of future contracts due to lack of compliance.  To say the least, this would lead to operational and financial difficulties.  Contractors are also required to ensure their subcontractors compliance.

There will also be the additional costs of compliance to consider which could be substantial.  There are discussions in the government as to whether these costs will be directly billable to the contracts affected.  No determination has been made as of the date of this article.  Keep in contact with your PRIME as well as your government agency to learn of the final decision.

What should I do?

  • Review current contracts and future contract opportunities to determine where CUI and CDI exist and where the MODS adding DFAR 252.204-7012 have been added.
  • Evaluate current controls to determine whether compliance is in line with the new regulations.
  • Develop a plan to implement needed controls.
  • Talk to your PRIMES/Government Agency to see if they have any guidance regarding these regulations.
  • Involve Cybersecurity experts to help access controls, compliance requirements and future needs/costs.

To find out more about how JAMIS Cloud Services can help your organization prepare for these challenging federal compliance standards, contact us today at info@jamis.com.

JAMIS is a proud to partner with Hall Albright Garrison & Associates, P.C. (HAGA). For more information about HAGA, visit the firm’s website here.

Topics: Blog

Welcome!

Previous Posts:

Fully-Integrated Quality Management Software to Connect Quality Control with Projects, Operations, and Finance

Turn Your Financial Data Into Useful Business Insights

3 Key ERP Automation Tools That Can Improve Operational Efficiency and Decision Making

Production Costing with Production Orders – Understanding True Profitability for GovCon Manufacturers

facebook twitter youtube linkedin
Copyright © 2023 JAMIS Software Corporation. All rights reserved.
JAMIS Headquarters | 6688 Gunpark Drive, 2nd Floor, Boulder, Colorado 80301
Legal | Sitemap
This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Reject
Privacy & Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Non-necessary
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
SAVE & ACCEPT