MCGlobalTech Managed Security Compliance Program
1 like969 views
Mission Critical Global Technology Group (mcglobaltech) is a minority-owned small business focused on providing security consulting services to align technology and compliance with organizational goals. They assist clients, especially in the federal sector, in achieving NIST 800-171 compliance through a managed security compliance program that covers program development, risk management, and continuous monitoring. The company emphasizes the necessity of adhering to cybersecurity regulations to prevent severe consequences, such as contract termination or sanctions, for non-compliance.
![CONSEQUENCES FOR CONTRACTORS
Companies unable to demonstrate NIST 800-171 compliance
will be severely impacted as Contracting Officers and Prime
Contractors will require DFARS compliance as a pre-requisite
to [continue] doing business with the DOD.
For companies currently doing business with the DOD,
consequences of non-compliance may include contract
termination for default or convenience, suspension or
debarment, breach of contract damages, liquidated damages,
and False Claims Act damages.](https://image.slidesharecdn.com/mcglobaltechmscpservicepresentation-180224172529/85/MCGlobalTech-Managed-Security-Compliance-Program-9-320.jpg)
MCGlobalTech Managed Security Compliance Program
- 1. Mission Critical Global Technology Group Managed Security Compliance Program (MSCP)
- 3. Our Values At MCGlobalTech, we believe strong values create long term relationships with our customers, employees, partners and the communities we serve. At the heart of everything we do are our corporate values: – Providing customer satisfaction – Delivering innovative solutions – Empowering staff for success – Promoting Entrepreneurial spirit – Maintaining technical excellence Staff Skills Success
- 4. What we offer MCGlobalTech builds and manages efficient, cost-effective information security programs to protect client systems, network and data against cyber threats, meet regulatory compliance requirements and improve organizational IT governance. We continually demonstrate excellence in the following core competencies: – Security Program Development – Enterprise Risk Management – Governance and Compliance – Systems Security Monitoring – Security Engineering – Vulnerability and Penetration Testing – Network and Systems Security
- 5. Combating Cyber Threats The Federal government is making a concerted effort combat growing threats to our national security from both internal and external cyber threat actors including nation-state, terrorists, malicious insiders, etc.. Cybersecurity requirements are increasingly being introduced through the FAR and DFARS to the companies providing services to US government entities. The DFARS Clause 252.204-7012 is aimed at protecting contractor information and systems used to deliver services to the US Department of Defense.
- 6. REQUIREMENTS FOR CONTRACTORS The DFARS Clause 252.204-7012 established a requirement for “adequate security” for the information(differs based on the type of data) – Covered Defense Information (CDI) – Controlled Technical Information – Critical Information – Export Control Information – Other information identified in the contract The DFARS clause also grants DoD personnel access to the contractor’s system to investigate the incident
- 7. REQUIREMENTS FOR CONTRACTORS Under the DFARS provisions, contractors were directed to implement NIST 800-171 standards “as soon as practical, but not later than December 31, 2017.” Compliance Requirements • Assess against 110 controls defined in NIST SP 800-171 • Document compliance status with respect to each control (SSP) • Document areas of non-compliance and remediation plans (POA&M) • Be prepared for audits and/or requests for compliance attestation • Implement breach reporting requirements (within 72 hours)
- 8. REQUIREMENTS FOR CONTRACTORS Compliance is not a one-time activity – It requires building an enterprise information security program that continuously assesses and manages risks, protects covered information and systems used for processing, storage and transmission, and monitors and detects threats with the ability to report incidents with 72 hours. Organization Size is not a consideration – All companies must comply. It only takes one user, one system to cause a cyber breach. Not just IT – The requirements covers your People, Policies, Processes, Technologies, Physical and Environmental, Supply Chain, etc.. You can’t outsource your compliance responsibility. You have be able to document how your service providers/cloud services meet the control requirements.
- 15. Full Life-Cycle Security Security Documentation and Response – During the operational phase of the program, the MCGlobalTech Compliance Team creates and/or maintains the security compliance program documentation to include security policies, security plans, risk assessments, plan of action and milestones, etc. – MCGlobalTech implements our Managed Compliance Service (MCS) and Managed Security Service (MSS) to ensure regulatory compliance, system confidentiality, reliability and security.
- 17. Managed Compliance Service The MCS provides a NIST 800-171 baseline compliance audit against all 110 required controls and generates the required compliance documentation i.e. System Security Plan (SSP) which documents state of compliance and Plan of Action and Milestones (POAM) which documents identified gaps and remediation plans and timelines. POAM remediation is then tracked, validated and documented with quarterly assessments thus improving compliance posture and mature security program. Required on-going security controls assessments, vulnerability and risk assessments continuous monitoring, and penetration tests are scheduled as appropriate intervals. Baseline Assessment Monthly/Quarterly Checks Full Compliance
- 18. Managed Compliance Service MCS Compliance Schedule (Annual) Quarter 1 q Conduct Compliance Audit q Findings tracking and reporting (eg. POAM) q Create/Update Policies and Procedures q Generate Compliance Artifacts (eg. SSP, Letter of Attestation) q Vulnerability Assessment q Security Awareness Training Quarter 2 q Plan of Action & Milestone (POAM) Review/Update q System Security Plan (SSP) Review/Update q Vulnerability Assessment q Security Controls Assessment Quarter 3 q Plan of Action & Milestone (POAM) Review/Update q System Security Plan (SSP) Review/Update q Vulnerability Assessment q Security Controls Assessment Quarter 4 q Plan of Action & Milestone (POAM) Review/Update q System Security Plan (SSP) Review/Update q Enterprise Security Risk Assessment q Network Penetration Test
- 19. Managed Security Service The MCGlobalTech Managed Security Service (MSS) provides 24/7 monitoring of all end user systems (laptops, desktops, mobile devices, servers) and Internet-facing devices (routers, firewalls, webservers) for near real-time detect and response to cyber threats and vulnerabilities. Our MSS also helps small business clients meet security audit, monitoring and incident reporting compliance requirements of the DFARS 7012/NIST 800-171. MSS Internal & External Audits Federal Guidelines and Directives Threats and Vulnerabilities
- 20. Past Performance MCGlobalTech’s Principals have worked for and with large and small contracting and consulting firms. We have provided security expertise throughout the federal government including the Department of Defense, Intelligence and Federal Civilian Agencies. We have also provided security services to financial, healthcare and various commercial sector organizations throughout the country. A list of some of our clients we’ve helped meet the DOD DFARS/NIST 800-171 compliance requirements is listed in the following table.
- 22. Contact Us Mission Critical Global Technology Group 1325 G Street, NW Suite 500 Washington, District of Columbia 20005 Phone: 202.355.9448 Email: Info@mcglobaltech.com Wiliam J McBorrough Regine Bonneau Co-Founder/CEO Director, Risk & Compliance wjm4@mcglobaltech.com rbonneau@mcglobaltech.com (202) 355-9448 x101 (202) 355-9448 x104