Due to a flood of feedback form government contractors, the Department of Defense has pushed back some timelines for implementation of 2 factor authentication on systems that have access to CUI (Controlled Unclassified Data) data. They were originally going to force all contractors with access to CUI to implement 2 factor authentication access to the network. Fortunately, you now have a little breathing room.
Here is what you need to know:
- After pushing the deadline for implementing 2 factor authentication back 9 months, DOD has pushed it even further, until December 31, 2017
- You are still required to do a Risk Assessment against NIST 800-171 (which is meant to replace 800-53). You must have a remediation report and be working your priority list.
- In most cases you have 30 days from the time the contract is awarded to give your contract liaison the list of what areas need to be strengthened, identified from the Risk Assessment. This is true with MDA and some other organizations. (Please do not send in plain text)
- You should check your contracts for individual language pertaining to your required data protections.
F1 Is trained and skilled at performing DFARS risk assessments as well as creating policies that will help put you further into compliance. Please feel free to contact Jennifer VanderWier if you have any questions about any of these security topics.