Author Archives: Client Support

NIST Releases Two Draft Guidelines on Personal Identity Verification (PIV) Credentials

NIST is announcing the initial public drafts of NIST SP 800-157r1 (Revision 1), Guidelines for Derived Personal Identity Verification (PIV) Credentials, and NIST SP 800-217, Guidelines for Personal Identity Verification (PIV) Federation. These two SPs complement Federal Information Processing Standard (FIPS) 201-3, which defines the requirements and characteristics of government-wide interoperable identity credentials used by federal employees and contractors.

  • NIST SP 800-157 has been revised to feature an expanded set of derived PIV credentials to include public key infrastructure (PKI) and non-PKI-based phishing-resistant multi-factor authenticators.
  • NIST SP 800-217 details technical requirements on the use of federated PIV identity and the interagency use of assertions to implement PIV federations backed by PIV identity accounts and PIV credentials.

NIST will introduce both draft documents at a virtual workshop on February 1, 2023. Please see the workshop homepage to register and attend the virtual event. 

The public comment period for both draft publications is open through March 24, 2023. See the publication details for NIST SP 800-157r1 and NIST SP 800-217 to download the drafts and find instructions for submitting comments.

QMSCAPA Update: v2.20.10

QMSCAPA for Workgroups

Important additions, enhancements and fixes have been made in a new release of QMSCAPA™ (version 2.20.10), which is available for download from QMSCAPA.app.

Enhancements

  • Sales Order and Contract Review
  • Purchasing Processes, including:
    • Request for Quote
    • Receiving Inspections
    • Supplier Evaluations and Survey Questionnaires
  • Quality Monitoring and Measuring Methods
    • Customer Satisfaction Evaluations and Surveys
    • On-time Delivery
    • Purchasing Processes
    • Manufacturing/Production Processes
    • Sales Order and Contract Review Processes
  • Training Programs, Schedules and Training Effectiveness Records

For more information go to QMSCAPA.app

FREE E-Book for ISO 9001:2015 Requirements

Guidance for Implementation of Quality Management Systems for Certification to the ISO 9001:2015 Standard


Awareness Training for CMMC Requirements

CMMC Accreditation Body

This ABCI online self-study foundations course for Awareness Training about the Cybersecurity Maturity Model Certification (CMMC) includes the following Modules:

  • Module 1 – CMMC and DFARS Course Introduction
  • Module 2 – Information Security Management Systems (ISMS)
  • Module 3 – CUI and NIST 800-171
  • Module 4 – DFARS Clause 252.204-7012
  • Module 5 – DFARS Clause 252.204-7012 Q&A
  • Module 6 – Cybersecurity Maturity Model Certification (CMMC)

NIST Special Publication 800-171 and the Defense Federal Acquisition Regulation Supplement (DFARS) Clause 252.204-7012 for safeguarding and reporting Covered Defense Information (CDI).

Controlled Unclassified Information (CUI) is any information that law, regulation, or governmentwide policy requires to have safeguarding or disseminating controls.

  • CUI supports federal missions and business functions that affect the economic and national security interests of the United States.

Non-federal organizations often process, store, or transmit CUI. These include:

  • colleges, universities,
  • state, local and tribal governments,
  • federal contractors and subcontractors.

NIST Special Publication 800-171 defines the security requirements for protecting CUI in non-federal information systems and organizations.

  • Requirements are organized into fourteen families.
  • Each family contains the requirements related to the general security topic of the family.

Defense Federal Acquisition Regulation Supplement (DFARS) Clause 252.204-7012 is required in all contracts except for contracts solely for the acquisition of COTS items.

  • In addition, the Contractor shall include the clause in subcontracts for which performance will involve Covered Defense Information or Operationally Critical Support.
  • CDI is used to describe information that requires protection under DFARS Clause 252.204-7012.
  • It is defined as unclassified Controlled Technical Information or other information as described in the CUI Registry.

(http://www.archives.gov/cui/registry/category-list.html)

  • CUI requires safeguarding/dissemination controls AND IS EITHER marked or otherwise identified in the contract and provided to the contractor by DoD in support of performance of the contract;
  • or the CDI is collected, developed, received, transmitted, used or stored by the contractor in performance of the contract.
