Understanding the OASIS+ Cybersecurity Requirements

OASIS+ is here! It will provide the first highly visible test of the contracting community’s response to the call for more rigorous cybersecurity.

Recorded August 10, 2023

Read the requirements of OASIS+, and you’ll see that your company needs pre-award C-SCRM – proof of your cybersecurity compliance. These requirements are the same ones that are currently necessary for all government contracts and are equivalent to CMMC Level 1.

What does that mean for your company? You should have a Cybersecurity Plan that provides documentation for how you meet 15 FAR security requirements, which are the same as 17 CMMC Level 1 minimum security controls.

Derek Kernus, Director of Cybersecurity Operations at DTS, and Mike Lombardi, Information System Security Manager for DTS, explain the requirements in plain language and discuss a few ways these minimum requirements can be handled internally – saving thousands of dollars.

They’ll cover:

  • An easy-to-understand overview of OASIS+ security requirements from FAR 52.204-21―Basic Safeguarding of Covered Contractor Information Systems, and how they are the same as the 17 minimum security controls required for CMMC Level 1
  • Documenting compliance and what’s involved in writing a cybersecurity plan
  • Do-it-yourself options
  • 3 signs that you may need outside help
  • Timing: How long does it take to write a cybersecurity plan?
  • Key dates for OASIS+
  • How early compliance can be used as a competitive advantage
  • Audience Q&A

Please register to gain access to the webinar.

Featured Resources

To safeguard sensitive national security information, the Department of Defense (DoD) launched CMMC 2.0, a comprehensive framework to protect the defense industrial base from…


Open quote

For flagship programs that are too important to fail, a small investment in policies, controls, and oversight can result in significant cost-savings and efficiencies.

Close quote