January 19, 2016
The GovCon world is a world of standards and compliance. Is your business covered?
Each contract you receive will have different applicable standards, so you will need to base your actions on the specific details of the job.
Government standards follow UCTI (Unclassified Controlled Technical Information) standards, which were originally based on NIST 800-53 (National Institute of Standards).
NIST 800-53 has been updated to NIST 800-171 in order to simplify the former standards by removing government-exclusive standards and standards that contractors should already have in place, such as password protocols.
It is imperative that GovCon businesses master these compliance standards and set up a system to document their compliance in order to excel in the GovCon industry.
In addition to the NIST standards, you can reference DFARS 252.204-7012 (or -7023), which is a comprehensive list of the different governmental standards you may be required to uphold in your contracting process.
The basis of these standards covers three major ideals:
Confidentiality = What are my responsibilities for protecting this information, and what are the potential outcomes of it being leaked?
Integrity = Control over changes: Knowing what, how, and when information is changed.
Availability = Knowing when action needs to be taken, whether it be immediately addressed or simply written into a monthly compliance report.
If you follow the steps Jenny outlines in this episode and reference the resources she provides, you will be well on your way to mastering standards compliance in the GovCon process.