Call Us Today! (256) 704-0234 |


|Tag: NFO

NFO Controls – “What you Should be Doing Anyway”

In August 2015, NIST 800-171 listed 62 Non-Federal Organization or NFO controls as "expected." Think of NFO as the controls you should already have in place. The additional 62 NIST controls marked "NFO," are not part of the "mandatory minimum." The Government expects them to be satisfied as part of your existing security policy. NFO items include controls covering every NIST category from Access Controls to Systems and Information Integrity -- they also include [...]

By |2018-06-02T16:55:04-05:00March 9th, 2017|Techni-Core Blog|0 Comments

Continuous Monitoring for Peace of Mind

Continuous Monitoring is a piece of the NIST 800-171 rule that frequently gets overlooked as a requirement. There are many reasons for this, but the most frequent is that most companies think, once the security controls are implemented they are compliant. That's not the case. DFARS 252.204-7012 (Implementing NIST 800-171) as well as FAR 52.204-21, once the security controls are implemented, must be maintained. Continuous Monitoring enables information security professionals to see a continuous [...]

By |2018-06-02T16:59:30-05:00March 2nd, 2017|Techni-Core Blog|0 Comments

CUI Regs are Expected in 2017

While no regulations concerning CUI (controlled unclassified information) have come out yet, they are expected in 2017. Agencies like Homeland Security are already changing their own acquisition regulations.  From our perspective as, not only a Defense Contractor but a Compliance Provider, there are certain things we expect to see in those forthcoming regulations. Our expectations are based on a September 2016 National Archives final rule that established a baseline for how contractors and agencies [...]

By |2018-06-02T17:06:45-05:00March 1st, 2017|Techni-Core Blog|0 Comments

2-Factor Authentication and Why it’s Important

If you've been involved in the DFARS 252.204-7012 (Implementing NIST 800-171) process you've seen the wording in the regulation requiring a second layer of defense for your systems -- 2-Factor Authentication or Multi-Factor Authentication (you will see it presented either way, but they are the same thing). Multi-Factor Authentication (MFA) is one of the requirements imposed by  DFARS 252.204-7012 via NIST SP 800-171.  This requirement is familiar to the government network computer users but [...]

By |2018-06-02T17:12:46-05:00February 28th, 2017|Techni-Core Blog|0 Comments

“What Classifies as UCTI?”

DFARS 252.204-7012 (Implementing NIST 800-171) is a hefty regulation to wade through on your own. That's what we're here for! Let's start with the first question burning in your mind, "What is UCTI?" There are two terms thrown around that are synonymous with contact-sensitive, but unclassified information -- UCTI (Unclassified Controlled Technical Information) & CUI (Controlled Unclassified Information). Whether the contact-sensitive information is at rest in your network (data stored in files, databases, emails, [...]

By |2018-06-02T17:16:02-05:00February 27th, 2017|Techni-Core Blog|0 Comments