Approved for 1 CompTIA CEU: A+, Network+, Security+, CASP; 1 GIAC CPE
This session will discuss what's clear and what's ambiguous in the interim rule now in effect as a result of DFARS Case 2013-D018 - Network Penetration Reporting and Contracting for Cloud Services. While 400 or so cleared contractors have been operating under comparable requirements, this new rule expands the universe to more than 10 thousand DoD contractors to align their systems to the NIST 800-171 set of controls. The two questions we will attempt to answer is: what is "covered defense information" in this context and what is a contractor's responsibility for that information up and down the supply chain?