
If you must comply with NIST 800-171 under DFARS, you may wonder what has changed with the first revision, released in December 2016. There are two substantive changes:
- “Information Systems” has been replaced by “Systems” throughout the document. This means the scope of your compliance effort is expanded to cover Industrial Control Systems (ICS) or Supervisory Control and Data Acquisition (SCADA) systems that could be vulnerable to attack. Therefore, your compliance team should have the necessary skills and experience to assess these additional systems.
- The addition of a 110th requirement for a System Security Plan (SSP). Paragraph 3.12.4 now requires you to “Develop, document, and periodically update system security plans that describe system boundaries, system environments of operation, how security requirements are implemented, and the relationships with or connections to other systems.”
An SSP differs from a Plan of Action and Milestones (POAM). A POAM is an actionable project plan with commitments that can be contractually binding, whereas an SSP is more conceptual in nature. However, we think that Contracting Officers will expect suppliers to make their SSPs actionable and to make good-faith efforts to abide by them.
