Business - Oct 3, 2018
Federal contractors are held to extremely high information security standards. With the recent introduction of new “Basic Safeguarding” standards for contractor information systems, many firms will find their contracts with the federal government terminated unless they can verify compliance.
The new rules will apply to contractors working with federal agencies including the Department of Defense, General Services Administration, and NASA. Various requirements for ensuring compliance are now spelled out in the Federal Acquisition Regulation.
Fifteen new specifications have been spelled out in six categories:
Access Control
Information systems access should be limited to authorized users, processes that act on behalf of those users, or devices – which can include other information systems.
Identification and Authentication
Information systems access should be limited to authorized users, processes that act on behalf of those users, or devices – which can include other information systems.
Media Protection
Organizations must limit to authorized personnel only the physical access to information systems, their equipment, and the operating environment involved.
Physical Protection
System and Communication Protection
System and Information Integrity
ISSQUARED offers two managed security services to help organizations meet these requirements:
Understanding Managed SIEM
Timely notification of critical security events is the key focus of the SIEM. Managed security services make it possible to leverage existing virtualized architecture to host the SIEM without having to deploy in-house expertise for building, managing, and maintaining it.
With compliant managed security services, key services like reporting, alerting, configuring, and fine-tuning related functionality are performed by experts. This cost-effective, OpEx-focused model furnishes capabilities at a small fraction of what in-house expertise would cost.
Understanding SOC as a Service
Most compliance standards have at their core a strict monitoring requirement – that is, a cybersecurity expert must periodically review event logs. Managed security services help you to scale this intensive requirement at a reasonable cost via an outsourcing model.
When comparing SOC vendors, it’s essential to focus on those with U.S.-based operations and staff. Due to the sensitive nature of so much federal contractor data, regulations may bar you from using managed security services that are based in other countries.
When you approach regulatory compliance challenges from the perspective of managed security services, you can reach and maintain world-class standards. Doing so does not require capital outlay, costly hiring, or a resource-intensive recruitment process.
With ISSQUARED, your new compliance and reporting capabilities can be up and running fast.