Cybersecurity Advice

Government, prime contractors, and suppliers are increasingly being targeted in cybersecurity attacks, and our industry must work together to safeguard its critical infrastructure and sensitive information. Awareness of these mounting cyber risks and implementation of effective cybersecurity controls are becoming critical components of keeping information protected. Leidos is committed to employing innovative and compliant cybersecurity processes to protect our networks, information, and systems.
Leidos understands the important role our suppliers play in defending our and our customers’ information and networks from cyber threats. We also understand the value that cybersecurity experience provides in creating and maintaining a competitive advantage for our separate organizations. Our mutual success is impacted by our ability to collaborate on identifying and managing cyber risks.
Cybersecurity and NIST SP 800-171 Assessments
- Suppliers achieve compliance by meeting the 110 security requirements in NIST SP 800-171 and submitting their self-assessment score to the Supplier Performance Risk System.
- Contractors are required to report cyber incidents within 72 hours directly to the DoD's DIB Cybersecurity Program and to Leidos.
- The Cyber DFARS clauses must be flowed down to all suppliers when performance will involve operationally critical support or Controlled Unclassified Information. Leidos or the next higher-tier subcontractor shall be notified of any request to vary from NIST SP 800-171 security requirements.
References and Resources
To assist suppliers in achieving compliance with the NIST SP 800-171 security controls, Leidos has provided links to helpful publicly available resources for each NIST SP 800-171 control.
Department of Defense Resources
- NIST SP 800-171 DoD Assessment Methodology
- DOD Procurement Toolbox
- DOD regulations and FAQ regarding cybersecurity
Industry Resources
- National Defense Information Sharing and Analysis Center™ (NDISAC) CyberAssist
  - Leidos has collaborated with other Defense Industrial Base (DIB) companies to establish a website with publicly available resources to help suppliers increase their cybersecurity posture and comply with regulatory requirements.
- Project Spectrum
  - Project Spectrum is an initiative, free to businesses, supported by the Department of Defense Office of Small Business Programs.
Small Business Resources
National Institute of Standards and Technology
Cybersecurity Compliance FAQ
- DoD FAQs for Cybersecurity
  - Department of Defense Frequently Asked Questions covering:
    - Assessing Contractor Implementation of NIST SP 800-171 Security Requirements
    - Basic Safeguarding of Contractor Information Systems (FAR clause 52.204-21)
    - NIST SP 800-171
    - Safeguarding Covered Defense Information and Cyber Incident Reporting (DFARS 252.204-7008 and 252.204-7012)
    - Cloud Computing
    - Limitations on the use or disclosure of third-party contractor reported cyber incident information (DFARS clause 252.204-7009)