Cyber Security Committee

The Cyber Security Committee is composed of CIOs and other cybersecurity executives from AIA’s member companies, and is responsible for developing and promoting cybersecurity policy objectives to meet government and industry information protection requirements. The CSC engages with DOD’s Chief Information Officer (CIO), Defense Pricing and Contracting (DPC), the Defense Contract Management Agency (DCMA), the Cybersecurity Maturity Model Certification (CMMC) program office, the CMMC Accreditation Body (CMMC-AB), and the Office of the Under Secretary of Defense for Research & Engineering (USD/R&E).

Industry Resources

1)  2017 AIA Member Survey:  Cybersecurity Survey Results

2)  NIST Compliance Presentation:  Compliance through Development Security Operations (DevSecOps)

3)  Sep 2017 SMC Presentation:  DFARS How-To (Exostar and Accenture)

4)  FAR to DFARS:  Categorization of NIST SP 800-171 R1 Controls

5)  DFARS 101:  Cybersecurity in Business Language (Update Pending)

6)  AIA National Aerospace Standard (NAS) 9933:  Overview

7)  AIA National Aerospace Standard (NAS) 9933:  Link to AIA Standards Store

8)  DIB SCC Cyber Assist:  Website

9)  Project Spectrum:  Website 

10) Cybersecurity Maturity Model Certification:  Accreditation Body (AB)

Federal Government Resources

1)  Cybersecurity Maturity Model Certification (CMMC)

2)  DOD DIB Cybersecurity Program

3)  DOD Procurement Toolbox

4)  6 Nov 2018 – FINAL Guidance Memo

4a)  DoD Guidance for Reviewing System Security Plans and the NIST SP 800-171 Security Requirements Not Yet Implemented

4b)  Guidance for Assessing Compliance of and Enhancing Protections for a Contractor’s Internal Unclassified Information System

5)  DFARS: Final Rule:  Network Penetration Reporting and Contracting for Cloud Services

6)  DFARS: Final Rule:  Frequently Asked Questions (FAQs) (Update Pending)

7)  DFARS: Contract Clause:  Safeguarding CDI and Cyber Incident Reporting

8)  23 June 2017 DFARS CUI/CDI Industry Information Day:  Slides  / Video

9)  NARA:  Controlled Unclassified Information (CUI) Registry

10)  NIST:  Consult with your local NIST Manufacturing Extension Partnership (MEP) Center

11)  NIST:  Cybersecurity Standard:  NIST SP 800-171 R1

12)  NIST:  Cybersecurity Standard Assessment Guide:  NIST SP 800-171A

Tools and Templates

1)  DHS:  Cybersecurity Evaluation Tool

2)  NIST SSP Standard:  NIST SP 800-18 (Sample SSP template at Appendix A)

3)  NIST CUI Templates:  SSP / Plan of Action (POA&M)

4)  Complianceforge.com:  SSP Template

5)  Federal Risk and Authorization Management Program (FedRAMP)

a)  Moderate Baseline SSP Template 

b)  Other SSP Templates and more

6)  Plan of Action and Milestones:  Simple Excel POA&M Template

AIA Contact:

Jason Timm

Director, Defense Policy and Integration
