The DoD CIO mandated that all Federal contractors and subcontractors comply with NIST 800-171 or they will be ineligible to receive DoD contracts. The DoD is getting serious about contractors protecting Controlled Unclassified Information (CUI) on contractor IT networks. Contractors need to take action not only to become compliant but also to secure IT operations, protecting business operations from disruptive activity.
Within the Federal government, cyber security is a hard problem. With low FISMA scores and a lack of progress in securing many organizations, improving security posture is critical. The Federal government is relying on commercial services and technologies to help achieve compliance and hopefully achieve cyber resilience. Many agencies partner with Federal contractors to store, process and transfer CUI in on-premise and cloud environments—a mission-critical shared risk for the Federal government and contractor service providers.
So how do organizations at Federal, state, and local levels, or enterprise business environments, comply with these complex mandates? This task is often overwhelming, and the solution is often bringing in expensive outside consultants to conduct a gap analysis over many months. The output is a long list of urgent actions to accomplish again this year just like last year—not helpful.
The solution can be simpler with automation. The first step to effective security is to begin with a well-planned Cyber Strategy focusing on both compliance and cyber resilience in parallel.
Achieving compliance is not only one of the first steps, it’s the law.
This is why BAP is pleased to announce our partnership with LP3, delivering a comprehensive solution that automates compliance checks and significantly reduces manual control analysis. Automated continuous monitoring enables an organization to get ahead of compliance and address both internal and external threats.
LP3 teamed with BAP to automate continuous monitoring tasks with an estimated 70% reduction in labor, infrastructure, and risk management costs. The partnership offers innovative technology and processes that automate alignment between compliance and operational security controls. Our active enterprise and system dashboard view enables accountable enterprise security under governance control. Security compliance dashboards, updated hourly with NIST 800-53 control status, provide near-real-time gap analysis with event mapping to individual controls. Key technologists can drill down from an enterprise view, to a system view, or down to specific control activity to take immediate and targeted mitigation actions.
Federal leaders can see real-time security posture on individual programs—real accountability.