Introduction: The U.S. government requires safeguarding of Federal Contract Information (FCI) under FAR 52.204-21. Additionally, Controlled Unclassified Information (CUI) must be safeguarded under FAR supplements, such as DFARS 252.204-7012 for the U.S. Department of Defense. Applicability: FAR (and FAR supplements, e.g. DFARS) apply to organizations engaging in certain commercial activities with the federal government, as […]
The Federal Information Security Management Act of 2002 (FISMA) is a federal law that establishes extensive information security requirements for federal agencies, including that agencies implement a documented information security program that incorporates requirements set forth in FIPS 199, FIPS 200, and NIST SP 800-37, 800-53, 800-59, 800-47, 800-60, 800-160, 800-137, 800-137A, 800-18. FISMA’s requirements extend […]
Introduction: The Federal Risk and Authorization Management Program (FedRAMP) is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring of cloud products and services utilized by the federal government. FedRAMP consists of two primary entities: the Joint Authorization Board (JAB) and the Program Management Office (PMO). Members of the JAB […]
The CMMC represents the U.S. Department of Defense’s sustained effort to protect Controlled Unclassified Information (CUI) in the defense supply chain. Building on the 110 controls set forth in NIST SP 800-171, the CMMC specifies 171 security practices across five maturity processes. While the CMMC is not part of FAR or DFARS, it will be included […]
The Privacy Act of 1974, as amended, 5 U.S.C. § 552a, establishes a code of fair information practices that governs the collection, maintenance, use, and dissemination of information about individuals that is maintained in systems of records by federal agencies.