On 2nd February 2018, stackArmor was delighted to host a 2 hour information session on NIST SP 800-171 and Understanding Controlled Unclassified Information (CUI). The stackArmor Security MicroSummit featured guest speakers from NIST and NARA including Ms. Kelley Dempsey is an Information System Security Specialist at NIST and a co-author of NIST SP 800-171 “Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations” Mr. Devin Casey from NARA’s CUI Program and Outreach organization.
Ms. Kelley Dempsey is a Information Security Specialist with the Information Technology Laboratory/Computer Security Division. She develops and reviews NIST Special Publications which provide guidance on information system security federal government-wide. Ms. Dempsey is an author of the NIST SP 800-171 special publication titled “Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations”. Ms. Kelley Dempsey began her career in IT in 1986 as an electronics technician repairing computer hardware before moving on to system administration, network management, and information security. In 2001, Kelley joined the NIST operational Information Security team, managing the NIST information system assessment and authorization program, and then joined the NIST Computer Security Division FISMA team in October 2008. Kelley has co-authored a variety of NIST publications related to information security risk management (SPs 800-37, 800-53, 800-53A, 800-128, 800-137, 800-171, NISTIRs 8011 and 8023). Kelley holds a B.S. in Management of Technical Operations and an M.S. in Information Security and Assurance as well as CISSP, CAP, and Certified Ethical Hacker certifications. Kelley helped identify criteria identifying and defining CUI for non-federal requirements and specific NIST SP 800-171 control families to ensure confidentiality of CUI data. She reviewed and discussed the increasingly rapid adoption of NIST SP 800-171 practices by educational and grants-driven organizations as well as touched upon new and up-coming requirements in the FAR related to compliance with NIST SP 800-171 for Government contractors.
The event was well attended and also featured Mr. Devin Casey from NARA talking about Understanding Controlled Unclassified Information (CUI) and Contractor Responsibilities. Mr. Devin Casey is Program Analyst for the Information Security Oversight Office (ISOO) at the National Archives and Records Administration where he serves as a lead for implementation and oversight activities for the Controlled Unclassified Information (CUI) Program. He came to the National Archives from the US Department of Agriculture where he worked in their Classified National Security Programs Branch. He also works for the Army reserves as an intelligence analyst and security manager with tactical and strategic experience. He helped create the CUI marking handbook and worked on the creation of the National Institute for Standards and Technology Special Publication 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations (June 2015). In his current role at ISOO he consults with Executive branch departments, agencies, and industry as well as other non-federal organizations on the structure and implementation of the CUI program. Devin talked about what constitutes Controlled Unclassified Information (CUI), Marking and Identification and the future of a new CUI FAR rule. He covered topics around processes, responsibilities, and oversight. Devin also shared a number of useful resources to help contractors understand and define CUI.
The audience consisting of major Federal and DOD contractors had a number of questions that centered on the following topics:
- The applicability of flow-downs from prime contractors to sub-contractors.
- Reporting requirements of security related incidents.
- Defining and identifying what constitutes CUI.
- Use of FedRAMP Accredited cloud services.
Additionally, the event featured a presentation from Gaurav “GP” Pal, Principal of stackArmor on how FedRAMP Accredited cloud services can help contractors meet DFARS and NIST SP 800-171 compliance requirements. The stackArmor MicroSummit was covered by FederalNewsRadio’s Jory Heckman. Please read his report at https://federalnewsradio.com/cybersecurity/2018/02/defense-civilian-contractors-laying-groundwork-to-implement-nist-information-sharing-framework/
Learn more and download event slides from our Government Cloud Solutions site.
https://stackarmor.com/governmentcloud/
