Cybersecurity Standards and Regulations

Gain visibility into your cybersecurity stance, including processes, assets and risks. Shift from a mindset of defense to one of mitigation and management. Then use your cybersecurity stance to build business opportunities and grow trust among your stakeholders, meeting the regulatory requirements for U.S. Federal government and other contracts.

DTS services include:

SOC 2 Type 1 • SOC 2 Type 2 • HITRUST • HITECH • CCPA • NIST 800-171 • NIST 800-53 • CMMC • DFARS • ITAR

NIST vs. CMMC: Understand the difference

You may be familiar with cybersecurity requirements but not know with confidence where your company falls in the process. DTS can help you calculate your “score” and determine how and when to report that number. You may need to report your number to bid or team on DoD contracts, to lower the cost of cybersecurity insurance, and to establish stakeholder relationships around proprietary information.

NIST SP 800-171
  • A framework for cybersecurity controls
  • Requirements that non-Federal computer systems must follow in order to store, process, or transmit Controlled Unclassified Information (CUI) or provide security protection for such systems
  • 110 Controls (Technical, Policy, and Procedure)
  • Self-certify and report score in the Supplier Performance Risk System (SPRS)

CMMC: Cybersecurity Maturity Model Certification
  • A standard for implementing cybersecurity across the Defense Industrial Base (DIB) and protecting CUI
  • Based on NIST SP 800-171 standards
  • 3 sequential levels of maturity
  • 14 compliance domains, using a combination of technical controls, policy, and procedures
  • Most Level 2 and all Level 3 will require third-party certification

Cybersecurity standards and regulations: DTS Pyramid

CMMC defines three cybersecurity maturity levels, ranging from foundational cyber hygiene (Level 1) to expert cybersecurity practices (Level 3). Each level outlines the capabilities, processes, and practices to reduce the risk of a security threat breaching a company’s cybersecurity defenses.

14 Compliance Domains

  • Access Control
  • Audit and Accountability
  • Awareness and Training
  • Configuration Management
  • Identification and Authentication
  • Incident Response
  • Maintenance
  • Media Protection
  • Personnel Security
  • Physical Protection
  • Risk Management
  • Security Assessment
  • System and Communication Protection
  • System and Information Integrity

Insights

It seems like innovation is happening faster than ever before; that’s because it is. Disruptors are changing the way we think and behave. Those who are the first to embrace it reap the biggest gains.