By Tyler Hardison, CISSP, Director of Solutions and Innovation, Redhawk Network Security
I recently wrote about how MSPs can help companies prepare for NIST 800-171 compliance. Yet, despite best compliance and security efforts, plans, and procedures, cyber incidents are still part of doing business. Your organization’s data has been breached, or will be at some point. Cybersecurity is often an afterthought or considered too expensive, leaving smaller organizations vulnerable and exposed—when in fact, half of all cyber attacks target small businesses, according to the National CyberSecurity Alliance.
But first, what is a cyber incident? A cyber incident is defined as actions taken through the use of computer networks that result in a compromise or an actual or potentially adverse effect on an information system and/or the information residing therein.
Incident response is one of the 14 requirements outlined in the National Institute of Standards and Technology’s (NIST) Special Publication (SP) 800-171—Protecting Controlled Unclassified Information (CUI) in Nonfederal Information Systems and Organizations, and enforced by the U.S. Department of Defense (DoD). If your organization contracts for the government, you must implement all 14 of these security requirements and controls by December 31, 2017. Simply put, if you do not comply, you risk losing your contracts, costing your organization millions of dollars in lost revenue.
Incident Reporting Compliance Requirements
What is your organization doing to prepare for the inevitable? Are you prepared to successfully respond to cyber incidents, whether they stem from malware, denial-of-service (DoS) attacks, stolen passwords, or lost laptops? Don’t panic. Here are the compliance requirements for incident reporting.
According to NIST SP 800-171 section 3.6, the Incident Response family of security requirements focuses on establishing an operational incident-handling capability for organizational information systems that includes adequate preparation, detection, analysis, containment, recovery, and user response. You must acquire a medium assurance certificate to access the reporting site, so this is the first step.
Cyber incidents that impact a system within the scope of Defense Acquisition Regulations System (DFARS) must be reported within 72 hours of detection. To report cyber incidents, you must have a medium assurance certificate. A review must be conducted so that the scope of the compromise can be understood. At a minimum, this review must cover:
Who Should Report and Why?
The DoD has the right to request further information in order to investigate the cyber incident. To this end, the contractor:
What Do DoD Contractors Need to Report?
DoD contractors shall report as much of the following information as can be obtained to DoD within 72 hours of discovery of any cyber incident:
Knowing and implementing the NIST 800-171 requirements (all 14 of them, including incident response) is not only a good way to mitigate risk and minimize data exposure but also critical to maintaining your organization’s compliance and status with the federal government. Whether your organization needs a risk assessment, help meeting regulatory compliance requirements, or complete end-to-end security and network heavy lifting, Redhawk Network Security can help.
As Director of Solutions and Innovation at Redhawk Network Security, Tyler Hardison is responsible for developing solutions for clients with the Solutions Architect team. He is also responsible for leading Redhawk’s innovation and developing new service solutions. Tyler is also responsible for leading the development team on the CyberSecurity Portal. Tyler is a 12-year veteran of technology management in the financial services industry. Rising from helpdesk to become CIO of a $3 billion Credit Union in California, Tyler has been at the forefront of the regulatory changes and the tools necessary to keep up. Tyler has a CISSP and is a PCI Qualified Security Assessor.