Mercury Systems Excels in Third-Party DFARS/NIST Security Assurance Assessment
August 12, 2019
Mercury Systems, Inc. announced it has received a letter of assurance confirming it has satisfactory controls in place for 100% of the cybersecurity requirements of the DFARS.
ANDOVER, Mass. - Aug. 12, 2019 - Mercury Systems, Inc. (NASDAQ: MRCY, www.mrcy.com) announced that after a comprehensive third-party audit, it has received a letter of assurance confirming it has satisfactory controls in place for 100% of the cybersecurity requirements of the Defense Federal Acquisition Regulation Supplement (DFARS) 252.204-7012 and the National Institute of Standards and Technology Special Publication (NIST SP) 800-171A.
The five-week assessment, conducted by Cytellix Corporation, the cybersecurity division of Information Management Resources, Inc., established that Mercury Systems implemented satisfactory controls and complied with all 110 information protection requirements. Ensuring these regulations flow through the entire supply chain is critical to the success of the DFARS/NIST cybersecurity initiative, which is quickly becoming a mandatory requirement for winning new defense contracts. Mercury Systems is one of a small percentage of companies that have received objective verification of having a “complete” cybersecurity controls program in place, demonstrating its commitment to helping its customers meet their trusted supply chain requirements.
“Mercury has always been committed to safeguarding protected information and made compliance with the latest DFARS and NIST standards a top priority.” said Jeff Eason, Mercury Systems’ Chief Information Officer. “We have invested significantly in building out best-in-class cybersecurity capabilities in parallel with our ongoing participation in defense security initiatives such as the National Industrial Security Program (NISPOM). Receiving this independent third-party validation of our cybersecurity controls program is a major milestone in our comprehensive defense industrial security plan.”
Cyber and information warfare are the latest battlefields in the race for commercial and military dominance. The Department of Defense (DoD) launched this compliance program in an effort to broaden and deepen the security practices of companies supplying mission-critical products and services to the U.S. government and provide further protection against cyber threats. DFARS 252.204-712, “Safeguarding Covered Defense Information and Cyber Incident Reporting”, published October 2016, was specifically designed to ensure the protection of Controlled Unclassified Information (CUI) by non-federal agencies, or “Contractors”. It covers information technology (IT) cybersecurity from printers to servers to cloud computing, and it mandates compliance with NIST 800-171, “Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations”. NIST 800-171 contains 110 requirements across 14 families of information control, all of which contractors must be compliant with to ensure sufficient safeguards are in place to protect CUI against cyberattacks.
Recent studies have shown that most contractors fully comply with less than 60% of the requirements contained in NIST 800-171. According to Brian Berger, President of Corporation, “Cytellix has been specializing in cybersecurity for over a decade as a trusted partner to the US Government, as well as a multitude of small, medium and large businesses, providing turnkey capabilities to the defense and commercial markets. Our team conducted a comprehensive and detailed review of Mercury Systems’ information controls program which has satisfactorily met the objectives of the NIST 800-171 based on a sampling of the requirements as well as the related cybersecurity requirements as outlined in the DFARS 252.204-7012 clause.”
For more information on Mercury Systems, visit mrcy.com or contact Mercury at (866) 627-6951 or [email protected]