New legal, regulatory, and contractual requirements address the safeguarding of sensitive information on covered contractor information systems and the management of cybersecurity controls for its physical and logical access protection. Information system assets include software, hardware – endpoints. Mobile devices, & servers, and networks that store, process, generate, or transmit sensitive information.
Supply-chain cybersecurity requirements were designed to manage the risks related to the supply chain of system or service providers – including contracts for commercial items – who must safeguard sensitive information types including but not limited to unclassified federal contract information (FCI), covered defense information (CDI), controlled technical information (CTI), export control information, personally identifiable information (PII), proprietary information, and controlled unclassified information (CUI). At Parsons, we believe that security is a shared responsibility and we are partners with our suppliers in safeguarding all types of controlled and sensitive information.
Below are references to U.S. Government and Department of Defense regulations flowing down from contracts to our suppliers and industry resources on how to improve the security posture of your organization.