Department of Defense NIST Requirement: The Deadline is Approaching

[email protected] / www.assentcompliance.com / 1 866 964 6931 / © Assent Compliance 2017

Thank you for registering for today’s webinar! The presentation will begin shortly.

Thank you for your patience and we hope you enjoy the webinar!

Today’s Presenters

Travis Miller, Assent Compliance, General Counsel

Agenda

1. Introduction to Assent
2. Due Diligence in DFARS
3. DFARS Focus on NIST Cybersecurity
4. The POA&M and SSP
5. Supply Chain Elements
6. Questions

Introduction to Assent

Assent Product Suites: Our Market Leading Platform

Corporate Social Responsibility

Product Compliance

Vendor Management Inspections

Assent Works with 40% of S&P 500 Product Companies

Overview

300,000 Supplier Companies

Global Footprint

A Partner You Can Grow With

Due Diligence in DFARS

Background: What Are DFARS Flow-Downs?

Background: What Does This Mean?

Changing Norms

The DFARS Flow-Downs Changing the Game

Challenges & Coping Mechanisms

Challenges:

Coping Mechanisms:

The Result

DFARS Focus on NIST Cybersecurity

Cybersecurity Driver

Safeguarding Covered Defense Information and Cyber Incident Reporting (October 2016)

Why Does It Exist?

Cybersecurity in a Nutshell

DFARS 252.204-7012.ii.A requires IT support and vendors to gather evidence of supply chain compliance by December 31, 2017.

How Do You Comply?

DFARS Cybersecurity Requirements

December 31, 2017

What is DFARS 252.204-7012?

How Does a Covered Contractor System Show Compliance?

1 Office of the Under Secretary of Defense for Acquisition, Technology and Logistics. (2016). Defense Federal Acquisition Regulation Supplement (DFARS) and Procedures, Guidance, and Information (PGI). Retrieved from https://www.acq.osd.mil/dpap/dars/dfars/html/current/252204.htm#252.204-7012

Internal Documents: The POA&M and SSP

What is a POA&M?

December 31, 2017

When is a POA&M Created?

What Should My POA&M Contain?

What Is an SSP?

When Is an SSP Created?

What Goes in an SSP?

Supply Chain Elements

Cybersecurity Standards Prompt Due Diligence

In English...

How Is Industry Administering This Obligation?

There Are Two Mechanisms to Administer This

Upcoming Events: Webinars & Conferences

Learn more about Assent events: www.assentcompliance.com/events

[Webinar] Introduction to Food Contact, Wednesday, December 13 | 11 AM ET

[Webinar] 12 Days of Compliance, Wednesday, December 13 | 2 PM ET

Upcoming Conferences

SAN DIEGO, FEB 14-15, 2018

www.assentsummitseries.com

Questions/Discussion

Conclusion