New Cybersecurity services for the Aerospace&Defense supply chain of the US Department of Defense.
The innovation and technological progress that is investing the whole modern society, has made IT systems, IoT connections, Big Data, and Cloud services more and more important. Together with the benefits of the introduction of new technological solutions for the benefit of society, however, data protection insecurities arise due to the increasingly frequent and complex cyber-attacks.
Among all the sectors involved, the Aerospace sector is proving to be increasingly sensitive to information security issues, both because it is highly regulated and because of the strong need to manage IT assets with particular attention in order to protect them from external attacks.
New Cybersecurity Assessment obligations
The American Department of Defense recently introduced for its entire supply chain additional assessment obligations according to DoD AssessmentMethodology and Cybersecurity Maturity Model Certification framework, in order to verify the correct implementation of cybersecurity requirements, to evaluate and improve the information security level within the entire supply chain of the Department.
More recently, DFARS 252.204-7012 was issued to ensure compliance with information security requirements. In accordance with this, as of 30 November 2020, DoD contractors will be required to include two new DFARS, 252.204-7019 and 252.204-7020, in all solicitations and contracts, with the exception of COTS (Commercial-Off-The-Shelf) articles, requiring contractors to have and maintain an assessment score using the DoD NIST SP 800-171 assessment methodology.
These obligations flow through the entire DoD supply chain and 252.204-7020 provides that contractors may not award any subcontracts subject to NIST SP 800-171 for 252,204-7012 unless the subcontractor has completed at least one baseline assessment in the last three years.
How can Kiwa support you?
Recognising the importance of supporting companies in the aerospace and defense sectors in carrying out sector-specific assessments with the credibility that only an independent Third Party Certification Body can guarantee, Kiwa Italia has introduced a package of services dedicated to the sector that consists of assessments, IT tools to support the detection and monitoring of risks with a view to attack prevention: StructuredCyberRisk Evaluation & Assurance.
These tools designed to support organizations address cyber security through a horizontal, transversal and functional approach, which through a precise evaluation and analysis of data and IT assets, aims to provide a credible feedback on the actual degree of cyber-attack risk and identify the degree of control of the identified risks.