Search the Community
Showing results for tags 'confidential defense information'.
Company needs to report a cyber security incident under DFARS 252.204-7011. Reporting is required within 72 hours. I have two questions: Are there penalties or other adverse consequences for late reporting? Before the Company can report, an employee must obtain a DoD-approved medium assurance certificate and this appears to take a couple days. That is a significant delay when you're sprinting toward a 72-hours deadline. Do most companies sign up for this certificate in advance? I did not see reference to it in the NIST SP 800-171. Thanks in advance for any insight!