Exostar Announces Solution to Facilitate Contractor Compliance with Latest DoD Cybersecurity Rules
Exostar announces Partner Information Manager, its risk management solution, empowering defense contractors with the capabilities needed to manage DFARS regulations for Covered Defense Information, based on NIST SP 800-171.
HERNDON, VA, April 20, 2016 – Exostar, whose cloud-based solutions help companies in aerospace and defense, life sciences, and healthcare mitigate risk and solve their identity and access challenges, today announced its risk management solution now empowers defense contractors with the capabilities they need to manage Defense Federal Acquisition Regulations Supplement (DFARS) 252.204-7008, “Compliance with Safeguarding Covered Defense Information Controls.”
The Department of Defense (DoD) issued its second interim rule in December 2015, giving defense contractors until December 2017 to fully comply with DFARS 252.204-7008. The heart of this DFARS provision is non-deviation from the security controls identified in the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171, “Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations.”
The compliance challenge defense contractors face is magnified because the scope of reporting and enforcement extends beyond their enterprise boundaries to include flowdown to their multi-tier value chains of subcontractors and suppliers. For all new contract awards, contractors and their partners have 30 days to submit a gap analysis and action plan to the DoD Chief Information Officer.
Exostar has augmented its risk management solution to include a questionnaire that accounts for all of the 14 security control families and over 100 individual security controls found in NIST SP 800-171, as required by DFARS 252.204-7008. DoD contractors can distribute the questionnaire simultaneously to all of their subcontractors and suppliers, using the solution’s dashboards to track and manage completion progress and receive compliance assessments and scores in near real-time.
“We envision relying on Exostar’s risk management solution to track both overall cyber risk and DFARS compliance throughout our supply chain,” said Jeff Brown, Vice President and Chief Information Security Officer at Raytheon Company. “It will also be an easy way for suppliers to document their compliance in a single, secure system.”
Access to the risk management solution is controlled by Exostar’s identity management platform, whose certificates are trusted by the DoD, assuring organizations and individuals their sensitive information is protected from compromise. This architecture offers an added benefit to suppliers and subcontractors, who have the option to complete the compliance questionnaire one time and share it with multiple buying organizations as part of their DFARS reporting and compliance initiatives.
“These enhancements to our risk management solution address an immediate, acute, high-profile compliance challenge for defense contractors that has the potential to impact customer engagement and revenue,” said Vijay Takanti, Exostar’s Vice President of Security and Collaboration Solutions. “The solution also offers a longer-term value proposition. By streamlining the subcontractor and supplier evaluation process, lessening the burden on these partners, and increasing the visibility and control of business-critical information amongst all parties, our solution strengthens relationships and security, reduces cost, and identifies vulnerabilities that mitigate risk.”
BAE Systems, The Boeing Company, Lockheed Martin, and Raytheon Company have all committed to using Exostar’s risk management solution to help them assess and mitigate risk while meeting DoD cybersecurity compliance mandates.