Where to Start? TransR Corporation is on standby!
Any enterprise business decision is a big decision. TransR's support is 24/7, and we are here to help.
TransR Compliance Solutions: DFARS Clause 252.204-7012
Safeguarding Covered Defense Information (CDI) and Cyber Incident Reporting
Does DFARS Clause 252.204-7012 Apply to You?
Use CDI COMPLY™, TransR’s DFARS Clause 252.204-7012
Register for the Nov 28, 2018 Free Webinar
Critical conversations for Sr Management with their responsible staff re: System Security Plans
The deadline for compliance with DFARS Clause 252.204-7012 was December 31, 2017, for all companies doing business with the DoD. If you perform work with the DoD, as a Prime or Subcontractor, and you generate or receive Covered Defense Information, this DFARS clause applies to you. It's time for Corrective Action!
If you possess a DoD subcontract, your company has already or soon will receive a letter from your Prime Contractor like the sample depicted in the graphic.
CDI COMPLY™, TransR's proprietary methodology and toolset, leveraged by our expert resources, will help you attain compliance to safeguarding CDI and cyber incident reporting.
Among the most onerous of the subject DFARS clause elements is the assertion that the covered contractor information system shall be subject to the security requirements in National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171, “Protecting Controlled Unclassified Information (CUI) in Nonfederal Information Systems and Organizations”. This publication alone has 14 distinct categories, totaling 109 requirements, some basic and some derived. These CUI requirements must be mapped to the relevant security controls in your organization's System Security Plan (SSP).
TransR makes it easy to identify gaps and discuss corrective action with pertinent management and individual contributors. All our toolkits used in CDI COMPLY™ support dashboards as depicted in the graphic with the 14 categories. Our goal is to empower your company to achieve and maintain compliance.
In our experience, there are four company maturity levels with respect to DFARS Clause 252.204-7012 compliance:
- Aware, but unsure of the full scope and applicability to their company
- Aware, but requiring supplemental resources to augment existing staff to meet the deadline
- Fully compliant
Regardless of your company's maturity level, TransR provides custom solutions from Total Project Responsibility to on-going Preventative Maintenance!
Below are links to the actual DFARS Clause 252.204-7012 and NIST.SP.800-171. Potential consequences of non-compliance include:
- Termination for Convenience
- Termination for Default
- Obligation to fulfill the contract terms with payment withheld until compliance with DFARS Clause 252.204-7012
DFARS Clause 252.204-7012 requirements can be summarized as follows:
- Safeguard covered defense information (NIST.SP.800-171 compliance)
- Report cyber incidents
- Submit malicious software
- Preserve affected media
- Support forensic analysis
- Support damage assessment
- Flow down the clause to subcontractors as applicable
We’ve established a repeatable process to achieve compliance, and aggressively manage the execution of the structured tasks in our plan. And lastly, without sufficient project governance from the executive team through to the SMEs, continuity falters, and definiteness of purpose wanes. For a business process transformation project of this importance, the opportunity cost is unacceptable, and we strive to ensure success through proper project governance.