
US Compliance Laws Research


Organizations operating in diverse economic sectors must comply with the DoD-specific requirements within their IT infrastructure. One of the DoD requirements they should comply with is the Defense Federal Acquisition Regulation Supplement (DFARS). DFARS comprises a set of cybersecurity requirements that contractors must meet to be deemed compliant with cybersecurity regulations (Procurement & Policy, 2013). One DFARS requirement is that the contractor establish a cybersecurity program composed of security control measures and processes directed toward protecting data and preventing unauthorized access to, misuse of, or destruction of the system (Procurement & Policy, 2013). The other DFARS requirement that contractors should abide by is ensuring that all the personnel can easily access the DoD systems or have been properly trained on security clearance measures.

Furthermore, DFARS also outlines the need for contractors to implement a risk assessment and management system to identify, evaluate, and mitigate any risks that may arise in their interaction with the DoD systems and data. This makes them knowledgeable about the system's various risks and the proper measures to adopt to combat them (Toth & Toth, 2017). Another DFARS requirement is that contractors must develop and implement a plan focused on timely response to cyber-attacks and other incidents that may threaten the data held within the DoD systems. Lastly, implementing an audit and accountability measure is also essential, as it goes a long way in fostering the security of the DoD systems (Toth & Toth, 2017). The other DoD-specific requirement an organization must abide by is the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171 security controls.

The third DoD-specific requirement that organizations abide by concerning their IT infrastructure is the Cybersecurity Maturity Model Certification (CMMC) framework. Implementing CMMC is important because it prevents defense contractors from being hacked and losing sensitive defense information (Baikloy et al., 2020). According to research done by the White House Council of Economic Advisers in 2018, malicious cyber-activity resulted in losses to the tune of $57 billion and $109 billion within one financial year (Baikloy et al., 2020). The aggregate loss emanating from the Controlled Unclassified Information (CUI) within the DIB sector increases the risk to national economic security. Therefore, it is paramount for organizations to work with the DIB sector to enhance the protection of its CUI networks.

Subsequently, adhering to these three compliance laws while conducting business on U.S. soil is important because it yields various benefits. One of the benefits that an organization stands to gain by complying with these laws is reduced risk. Complying with DoD requirements goes a long way in decreasing risk by preventing possible events from negatively impacting the organization's operations (Mustapha et al., 2020). For instance, the problem of data loss can be easily prevented by ensuring that the backup is secured from any unexpected occurrences. Additionally, complying with these laws increases the efficiency of organizational operations. An organization's bottom line can be enhanced by increasing revenues or decreasing costs (Mustapha et al., 2020). Of these options, increasing revenues has been identified as a tough route requiring more effort; organizations should consider increasing their efficiencies to decrease operational costs. Accordingly, research has indicated that owning a comprehensive policy is important in increasing efficiencies.

References

Baikloy, E., Praneetpolgrang, P., & Jirawichitchai, N. (2020). Development of Cyber Resilient Capability Maturity Model for Cloud Computing Services. TEM Journal, 9(3).

Mustapha, A. M., Arogundade, O. T., Misra, S., Damasevicius, R., & Maskeliunas, R. (2020). A systematic literature review on compliance requirements management of business processes. International Journal of System Assurance Engineering and Management, 11, 561-576.

Procurement, D., & Policy, A. (2013). Defense Federal Acquisition Regulation Supplement (DFARS), procedures, guidance, and information (PGI). Subpart 215, 11.

Toth, P., & Toth, P. (2017). NIST MEP cybersecurity self-assessment handbook for assessing NIST SP 800-171 security requirements in response to DFARS cybersecurity requirements. U.S. Department of Commerce, National Institute of Standards and Technology.


Question 



Submit a draft of research on DOD-specific requirements for an organization’s IT infrastructure and U.S. compliance laws that may affect the firm.
