Pre-Conference Workshop: New Cyber Security Rules For Controlled Unclassified Information CUI

Dec 4, 2017 1:30pm - 5:00pm


What is it about?

Monday, December 4, 2017


Registration Begins


A Deep Dive into New Cyber Security Rules for Controlled Unclassified Information (CUI): New DFARS Rules, Pending CUI FAR, and NIST Special Publication (SP) 800-171 – Flow-Down Requirements for an International Supply Chain

Robert S. Metzger

Rogers Joseph O’Donnell, PC

Kelley Dempsey
Senior Information Security Specialist
The National Institute of Standards and Technology (NIST)

Patrick Viscuso
Associate Director, Controlled Unclassified Information
Information Security Oversight Office, ISOO (National Archives & Records Administration, NARA)

Vicki Michetti
Director, Defense Industrial Base Cybersecurity Program

Mary Thomas
Program Analyst for the Director of Defense Procurement and Acquisition Policy
Office of the Under Secretary of Defense (Acquisition, Technology and Logistics)

The U.S. Government requires its contractors to protect the confidentiality of Controlled Unclassified Information (CUI). The Department of Defense has issued DFARS regulations requiring cyber protection of Controlled Technical Information (CTI) and other forms of CUI, as well as cyber incident reporting. The National Archives and Records Administration (NARA) is developing new rules for the civilian agencies mandating similar protections of CUI when shared with commercial enterprises and other non-federal partners. This in-depth, practical workshop will take you through critical developments and their practical impact. Topics will include:

  • NARA’s objectives for the new CUI regulation, and how it will apply to contractors and other federal partners
  • The significance of NARA’s CUI Registry and how agencies will use it to determine which information qualifies as CUI
  • DoD’s implementation of its “Network Penetration” DFARS and measures contractors can take for timely compliance
  • How NIST aligns SP 800-171 safeguards for contractor systems with SP 800-53 r5 obligations for federal information systems
  • Special protection and incident reporting issues facing foreign-owned companies and contractors with an international supply chain
  • Using best practices and international standards to satisfy U.S. requirements and the E.U. General Data Protection Regulation (GDPR)
  • Minimizing supplier objection to flow down of CUI or DFARS rules and managing supply chain cyber risks
  • Practical strategies and technical measures to avoid export control or security violations in a multi-national business environment
  • Key federal resources within NARA, NIST, DoD, DHS, DSA and other government agencies


Pre-Conference Workshop Concludes