DoD Releases Inspector General Report on Safeguarding CUI
Lawsuits brought by the Government against contractors not protecting Controlled Unclassified Information (CUI); a DoD Inspector General Report citing DoD Contractors did not consistently implement DoD-mandated system security controls for safeguarding Defense information; the introduction of the Cybersecurity Maturity Model Certification process by the DoD. Starting to get the hint that not only is protecting CUI important to defense contractors, but the Department is starting to get serious about making sure they do.
The recent DoD IG report released July 23, 2019 found that DoD Contractors did not consistently implement DoD-mandated system security controls for safeguarding Defense information. In the small sample of contractor’s they randomly surveyed (9 out of 12,075) they identified deficiencies related to:
using multifactor authentication;
enforcing the use of strong passwords;
identifying network and system vulnerabilities;
mitigating network and system vulnerabilities;
protecting CUI stored on removable media;
overseeing network and boundary protection services provided by a third-party company;
documenting and tracking cybersecurity incidents;
configuring user accounts to lock automatically after extended periods and unsuccessful logon attempts;
implementing physical security controls;
creating and reviewing system activity reports; and
granting system access based on the user’s assigned duties.
Not to brag or anything, but Ascolta’s Greenfield Environment was specifically designed for NIST SP 800-171 compliance and either technically addresses these concerns outright or provides easy to implement guides to meet personnel and process issues. Find out more here.