Have Your Security Requirements Been Satisfied?
Are you a currently being tasked with becoming FIPS 140-2 validated by the end of the year? Wait, what is FIPS 140-2? Trust us; we know when you mix government and IT acronyms everything gets confusing.
FIPS stands for Federal Information Processing Standard Publication. It is a U.S. government computer security standard used to approve cryptographic modules and the requirements that IT products should meet for Sensitive, but Unclassified use. You, like many of our clients, are currently facing this compliancy head-on. Protecting Controlled Unclassified Information in Non Federal Information Systems and Organizations is required for sale of products implementing cryptography to the Federal Government. Are you listening now?
The Executive order is where it all starts, the Safeguarding CDI 252-204-7012 is the DFARS requirement, the NIST 800-171 is all the controls that must be put in place for government contractors. The deadline for compliance is upon us! You have less than 6 months to perform the necessary action; December 31st, 2017 is the day of reckoning with DFARS Section 252.204.7012 and NIST SP 800-171 (Which requires FIPS 140-2 as a control.)
If you fail to comply, the consequence would be essentially equivalent to being blacklisted as a contractor: I.E. not being awarded new contracts or allowed to bid on new RFPs while in non-compliance. Perjury and an audit could result in fraud. No organization wants to be in this position come January 2018.
We are currently helping many clients through this transition. As an organization that is currently completing compliance training, we know that this process can be taxing and costly on organizations. We are happy to share our knowledge or assist you through this process as well by helping your IT team meet this important but looming deadline.
Candice Cobb works alongside ABS’ Commercial clients to solve some of their largest and most difficult business challenges. She works daily to provide value by staying ‘in the know’ when it comes to the latest IT trends, compliance requirements and the innovative solutions to solve some of today’s toughest problems.