Aerospace Firms – Do You Need ISO 27001 or SOC 2 Certification?

Last Updated on April 1, 2021

Aerospace companies with government contracts are increasingly focused on information security compliance. Many face a short-term requirement to self-assess their compliance with NIST 800-171, per the new DFARS 7020 clause that is now appearing in new and modified government contracts.
Then there’s the longer-term need for firms that handle Controlled Unclassified Information (CUI) to pass a third-party audit against the Cybersecurity Maturity Model Certification (CMMC) standard at CMMC Level 3.
NIST 800-171 and CMMC Level 3 are very similar frameworks, and achieving compliance with either one demonstrates a robust security posture. Is there any need for firms in the Aerospace & Defense industry to go “beyond” this level of attestation?
What about compliance with ISO 27001, the international “gold standard” for cybersecurity? Or obtaining a positive SOC 2 report?
This subject came up on a recent episode of The Virtual CISO Podcast featuring John Virgolino, Founder and CEO of nationwide ISP Consul-vation. Hosting the episode as always is John Verry, Pivot Point Security’s CISO and Managing Partner.
“Do Aerospace firms have clients with multiple, disparate requirements?” John Verry asks. “Like, Boeing or Raytheon are saying, ‘Give me NIST 800-171.’ And Ford is asking them for ISO 27001, or something equivalent?”
According to John Virgolino, few of the clients he works with have a business driver for ISO 27001 certification or a SOC 2 report—even those that have both government and non-governm ..