Technology Solutions for Government Contractors
When you just want it to work
Nothing is more excruciating than trying to run a business and having your IT company ruin your company’s productivity. We are proactive and committed to helping your company become compliant with the latest cyber security requirements.
Not your typical IT company
You want somebody who understands the game. Aptica has the skill set to work with Department of Defense contractors and help them with IT problems unique to their organization.
What You Need to Know About DFARS
As cyber technology continues to expand and evolve, addressing security threats has become an ever-increasing priority for the federal government. Enforcement of “Controlled Unclassified Information” (CUI) protection continues to intensify as private government contractors and other non-federal organizations are continually required to update their security procedures.
In December 2015, the U.S. Department of Defense (DoD) published a FAR (Federal Acquisition Regulations) supplement referred to as the Defense Acquisition Federal Regulation Supplement (DFARS). The DFARS is intended to maintain cybersecurity standards according to requirements laid out by the National Institute of Standards and Technology (NIST).
These standards were constructed to protect the confidentiality of CUI and gives DoD contractors until December 31, 2017 to meet the requirements necessary to be classified as DFARS compliant. Failure to meet these requirements will result in the loss of current contracts.
What are the Requirements?
DFARS details fourteen groups of security requirements, which affect numerous aspects of IT information security. In order to be considered DFARS compliant, non-federal and contractor information systems/organizations must pass a readiness assessment following NIST SP800-171 guidelines.
The summary of guidelines include:
- Access Control
- Awareness and Training
- Audit and Accountability
- Configuration Management
- Identification and Authentication
- Incident Response
- Incident Response
- Media Protection
- Personnel Security
- Physical Protection
- Risk Assessment
- Security Assessment
- System and Communications Protection
- System and Information Integrity
How a DFARS Consultant Can Help
Here’s how Aptica can help your company become DFARS compliant
At Aptica, we aim to help you understand the requirements laid out by NIST and take the proper steps necessary towards properly protecting the confidentiality of CUI, in order to be eligible for DFARS compliance. Our approach follows our Robust Managed Security Services Plan (MSSP) in the utilization of our professional team, detailed processes and successful tools to meet your compliance needs.
Our Security Operations Center (SOC) team of specialists set up alerts to monitor potential threats and promptly remediate any that may be found. We pay careful attention to detail in targeting weaknesses and implementing best practices to maintain security measures in the prevention of future potential threats.
A Security Services Plan will be set in place to collect and analyze data, focusing on events that could be the most impactful to your organization. We use threat intelligence tools designed to organize tasks and execute operations in the most productive way.
The tools we use include, but are not limited to:
- Vulnerability Assessments
- Determines points of weakness where attackers may infiltrate critical systems and secured data.
- Behavioural Monitoring
- Effectively monitors cybersecurity and spots anomalies.
- Intrusion Detection
- Identifies known threats and activities at the point of entry.
- Security Information and Event Management
- Finds patterns of activity in order to detect cyberattacks and place blocks in accordance with compliance guidelines.
Need to comply with DFARS? We’ve got your back!
We know that there is a great deal of trust required when hiring an IT Service provider for your business. Let us have an opportunity to prove ourselves. Contact us today for a free assessment of your network health and IT infrastructure.