Implementation of FIPS 140-2 Infrastructure to Support DFARS Compliance Program

Overview

The firm had begun their efforts to strengthen their internal cybersecurity and risk management programs in anticipation of the Department of Defense's (DoD) Defense Federal Acquisition Regulation Supplement (DFARS) compliance mandate. The DFARS compliance mandate requires all DoD contractors to implement and comply with the National Institute of Standards and Technology (NIST) 800-171 security standard. The NIST 800-171 standard pertains to the protection of unclassified information in non-federal information systems and organizations.

As the firm continued to expand, management of their remote detection sites became more burdensome as each new detection site were brought online. The firm required a solution that maintained their DFARS compliance status while streamlining their ability to manage and access the infrastructure at their remote detection sites.

Solution

Our team began by assessing the firm's DFARS compliance obligations, existing on-premise network infrastructure, and configuration of the remote detection sites to determine which technologies and FIPS 140-2 validated network infrastructure would be required to implement to comply with NIST 800-171.

After completing our technology assessment, our team met with the firm's executive team to propose various cost-effective network configurations that would meet their robust security and encryption requirements. The proposed solution enabled their engineering team to centrally manage all remote detections sites while maintaining their DFARS compliance requirements and IT controls.

The selected network infrastructure consisted of a FIPS 140-2 validated security appliance and FIPS 140-2 validated cellular gateways due to the mobility and top-secret locations of the remote detection sites. This solution ensured that all network traffic would remain encrypted using a FIPS validated cryptographic algorithm.

Results

After the completion of the network infrastructure assessment and security appliance implementation, The firm went on to complete their DFARS compliance requirements and continues to innovate within the nuclear and radiation detection industry.

About The Government Contractor

The government contractor works closely with federal and state counterterrorism, and law enforcement agencies to provide cost effective nuclear and radiation detection solutions to aid in the prevention of terrorism and localized nuclear threats.