Hours of Operation: Monday - Friday, 8:00 a.m. - 4:30 p.m

LogiCore

Phone: (256) 533-5789

Cybersecurity

There are a number of key areas that form the core of any successful cybersecurity program. Addressing these fundamentals is critical, whether your organization is big or small, and whether it's defense-related or a commercial business. Larger enterprises typically have ample resources available from both a fiscal and human resources perspective, but for smaller companies, this can be a big challenge. Obtaining the expertise needed to achieve this requires a multi-disciplinary approach - a problem for companies with a small IT staff and a limited budget.

LogiCore's cybersecurity team is highly credentialed and qualified. As a Prime Contractor in the Defense sector, we have a mandatory requirement to meet and maintain stringent compliance and security standards. Our team also has substantial experience in the commercial sector. As Federal and Non-Federal standards continue to align, commercial cybersecurity needs are increasingly coming under more regulatory focus, and in today's hostile cyber landscape, a strong cybersecurity program is as business-essential as ever.

 


Our Cybersecurity Team's Credentials

  • CISSP - Certified Information Systems Security Professional
  • CCISO - Certified Chief Information Security Officer
  • CEH - Certified Ethical Hacker
  • CFE - Certified Fraud Examiner
  • CISM - Certified Information Security Manager
  • CISA - Certified Information System Auditor
  • Certified Third-Party Risk Professional
  • PMP - Project Management Professional
  • CompTIA - Security+
  • MCSE - Microsoft Certified Systems Engineer
  • ITIL V4 certification

Areas of Expertise

  • NIST 800-171 & NIST 800-53
  • System Security Planning (SSP)
  • Policies & Procedures
  • Gap Analysis
  • Governance
  • Business Impact Analysis (BIA)
  • CMMC Preparation
  • Risk Assessments (RA)
  • Audit & Assessor Preparedness Training
  • Business Continuity Planning
  • Plan of Actions & Milestones (POA&M)
  • Incident Response Prep
  • SOX, PCI DSS, ISO, HIPAA
  • Frameworks & Regulations

Cybersecurity For Defense Contractors

Prime Contractors: Every prime contractor is subject to an assessment on NIST 800-171a compliance by DCMA (Defense Contractor Management Agency). The compliance assessment consists of two stages - a Medium-Level assessment and a follow-on High-Level assessment (also known as a High Confidence Assessment).

Note: Because of current government travel restrictions due to COVID-19, most of these assessments are being carried out virtually, but some portions of the assessments are conducted live on-site by an assessor.

Being properly prepared for these assessments is crucial. There are 110 NIST controls you will be assessed on, and failing to satisfy them results in points being deducted from your overall score. All scores are published in the SPRS (Supplier Performance Risk System), which is the database that federal customers refer to when determining if a contractor is practicing compliance and due diligence. Lower scores may result in not being selected in a competitive bidding environment. It is important to understand what DCMA looks for. It's a lot more than checking boxes and providing generic policies.

Sub-Contractors: Sub-contractors are not subject to government auditing on NIST 800-171a by DCMA at this time (Note: if you prime on any other contract, you will be audited). This does not mean that sub-contractors need not be as prepared as a prime contractor - it is incumbent on every government contractor to meet NIST 800-171a compliance regardless of whether you will be subject to a government audit. Prime contractors are subject to the flow-down clause, which means they are nevertheless responsible for non-compliance by their sub-contractors. This may influence their selection choices for team partners.

Cybersecurity Maturity Model Certification (CMMC): This is changing the compliance landscape substantially. Regardless of whether you are a prime or subcontractor, any company wanting to do business with the government must become CMMC certified. Some new contracts already specify this and eventually, all will. There are five levels, and RFPs and contracts will specify which level must be met. Any contract involving CUI (Controlled Unclassified Information) will need to meet CMMC Level 3 at a minimum. CMMC Level 3 builds upon all of the 110 controls of NIST 800-171, which further substantiates the need to be fully NIST compliant as described above. The CMMC program is still evolving, but the time to start preparing to be certified is now.

For further information, please contact LogiCore.