Attachment | Size |
---|---|
Contractor Security Paper.pdf | 1.88 MB |
Abstract
ACT-IAC White Paper: Supplier Cybersecurity Compliance Playbook
Developed by the Cybersecurity Community of Interest
Published December 1, 2022
The US Federal government presents a large target for nation-states, attackers, and organized crime. Government contractors, who provide critical services to the US Federal government, must secure their information technology infrastructures to reduce this threat surface from a third-party risk management perspective. The Federal government requires demonstrated compliance with various cybersecurity standards to assure the security of missions that are often delivered in partnership. No part of the supply chain can compromise the government’s networks, systems, and data. However, a contractor’s demonstration of compliance can often be confusing, daunting, and expensive. This paper intends to provide small, medium, and large businesses with the most effective and efficient means to meet Federal cybersecurity frameworks. It can also help government leaders understand the benefits and issues contractors may face in pursuit of compliance. This paper focuses on compliance with five (5) frequently required frameworks: CMMC, NIST SP800-171, FFIEC, NIST SP800-53, and ISO 27001.