On 4 Apr 2017, NCS hosted a legal educational round table event with Industry featuring Holland & Knight. Topics included:
1. Compliance with Department of Defense Cybersecurity and Incident Reporting Requirements
Beginning in 2013, the Department of Defense imposed specific requirements on contractors (and subcontractors) that maintain information systems relating to compliance with National Institute of Standards and Technology (NIST) cybersecurity standards and prompt reporting of cyber security incidents. These requirements apply to unclassified systems that contain or permit access to sensitive unclassified information and can be overlooked by contractors. This discussion will provide an overview of the Defense Federal Acquisition Regulation Supplement (DFARS) requirements and some important "lessons-learned" based on real-world matters Holland & Knight has handled for a number of clients.
2. Effective Insider Threat Programs
The Defense Security Service (DSS) requires all cleared contractors to have Insider Threat Programs. While this requirement can be viewed as impacting only classified work, the most effective Insider Threat Programs encompass an entire organization. Presenters will outline DSS requirements and discuss best practices for designing and implementing an Insider Threat Program.
In case you were unable to attend, the briefing charts are attached for your review.