New regulations from the Department of Defense (DoD) regarding the management and protection of Controlled Unclassified Information (CUI) have caused a stir among defense contractor IT teams around the globe. The Defense Federal Acquisition Regulation Supplement (DFARS) clause 252.204-7012 requires that DoD contractors meet the specific security standards described in NIST Special Publication 800-171 to ensure that CUI is protected. Defense contractors undertook significant efforts to meet the December 31, 2017 deadline, only to find that the technology solutions available to meet the requirements were limited. However, a San Francisco startup has solved some of the greatest technical challenges in the new regulations in a completely unique way.
“The DFARS-7012/NIST 800-171 requirements are a challenge for many DoD contractors. Non-compliance could potentially place their existing contracts at risk and jeopardize future access to DoD opportunities. Gaining compliance with the regulations is not a one-time activity, and of the dozens of DFARS compliance assessments we’ve completed in the past 3 months, most companies are at 30 – 40% compliant at best,” said William J. McBorrough, Co-Founder and CEO of MCGlobalTech.
When global defense contractor Lockheed Martin began to research a solution to its compliance requirements, it quickly discovered that none of the solutions available in the marketplace met its needs, while developing one in-house was deemed too expensive. Lockheed required a highly scalable solution that addressed some of the most technically challenging elements of the new regulations: privileged access controls. It needed a solution that combined multi-factor authentication and dynamic access privileges without compromising security or slowing its speed of innovation.
“When seeking a PAM solution that could meet our requirements, ease of integration, reliability and scale were all critical, and we couldn’t afford to compromise in any of those areas,” said Mike Gordon, Deputy Chief Information Security Officer, Lockheed Martin. “We needed a solution that the information security marketplace simply didn’t offer at the time.”
Lockheed then found Remediant, a San Francisco-based information security startup that specializes in securing privileged access. Remediant’s product, SecureONE, not only met but exceeded Lockheed’s technology requirements. SecureONE limits the amount of time an individual’s login has privileged access to a target system, thus restricting access to the absolute minimum needed. Even if credentials are compromised, this technique blocks the misuse of those credentials for any kind of privileged access.
In a matter of weeks, Remediant provided a dynamic, scalable PAM solution with minimal disruptions to Lockheed Martin’s 150,000+ endpoints. Today, Lockheed Martin meets its NIST SP 800-171 requirements while significantly enhancing operational security.
“Remediant worked an aggressive timeline and a full-lifecycle implementation across the global enterprise to provide added security for our desktop administrators. We call it ‘Instrumented Compliance’, which means not only being compliant but, more importantly, being able to continue to assure our customers and employees that we are protecting their critical data,” said Joel Johnson, Cyber DFARS Program Manager, Lockheed Martin.
Full details of how Remediant helped Lockheed Martin meet DFARS can be viewed here: https://remediant.com/solutions/success-story.
Founded in the heart of San Francisco, Remediant meets complex security challenges that require a complete understanding of regulatory and government standards. We deliver unparalleled, innovative solutions that holistically balance policy, technology, and usability. Our motivation is to provide next-generation technology and services to secure data for corporations and government entities who must meet regulatory compliance and stop lateral movement in their ecosystems.