AFCEA Augusta-Fort Gordon Chapter Course: Cyber Incident Response and Reporting Under the Department of Defense Federal Acquisition Regulation Supplement (DFARS) Rules
Monday, August 16, 2021: 1:00 PM - 2:00 PM
The Controlled Unclassified Information (CUI) security controls described by National Institute of Standards and Technology (NIST) Standards Publication (SP) 800-171 require that contractors have an incident response capability.
The DFARS rule also imposes cyber incident reporting as well. Both of these subjects, incident response and cyber incident reporting, are likely areas where contractors will struggle both in getting their Cybersecurity Maturity Model Certification (CMMC) certification and actually complying with their contracts. There are other bombshells and landmines in these requirements as well. As they often say, the devil is in the details.
This presentation will likely be like no other CMMC presentation you have attended. You will certainly want to attend to better understand all the nuances in DFARS 52.204-7012(c), (d), (e), (f), (g), and (h).
What is a cyber incident? Did you even know there was a reporting requirement? How will you determine if you have compromised Covered Defense Information (CDI) or computing devices? How will you create the images that you are required to create of infected systems? How will you protect your data rights and other intellectual property should DoD request copies of those image or require access to your assessment data even though it contains intellectual property or other kinds of confidential data that you have never before provided to DoD?
This and much more are the subjects of this presentation.
Approved for 1 CompTIA CEU: A+, Network+, Security+, Cloud+, CySA+, Linux+, and CASP+; 1 GIAC CPE; 1 CertNexus CFR CEC