Recognizing that A&D companies are vulnerable to attacks by hackers and state-sponsored groups, the U.S. federal government has placed new regulations on the A&D industry aimed at safeguarding Controlled Unclassified Information (CUI).
These regulations, which could result in non-compliant A&D contractors being blocked from competing for government contracts, come at a time when IT organizations are implementing next-gen infrastructure and data analytics programs and expanding integration with partners and suppliers. Cloud-based applications and mobile devices are already part of the increasingly globalized workplace, as A&D companies move toward a more agile IT as a Service model.
Under these regulations, A&D companies must report a breach or intrusion within 72 hours. In addition, the National Institute of Standards and Technology (NIST) will require A&D firms to demonstrate compliance in a wide range of areas, including:
- Access control, identification and authentication
- System and information security
- Audit and accountability
- Configuration management and media protection
- Incident response
- Personnel security and physical protection
- Risk and security assessments
Comprehensive Enterprise Security Roadmap
To prepare for this environment, A&D firms must take an enterprise-wide approach to cybersecurity, extending to partners and suppliers. DXC’s deep industry knowledge, security specialists and end-to-end solutions for traditional and next-gen technologies can help you as you adapt to evolving threats and to fast-changing business requirements and regulatory mandates.
Our Security Advisory Services provide a set of repeatable processes, tools and services that provide a foundational approach to evaluating cybersecurity programs and planning and implementing future enhancements.
This security framework is built on recognized standard platforms to support multiple compliance programs, including ISO 27001/27002, NIST, DFARS, COBIT, ITIL and HIPAA. Going beyond typical third-party FedRAMP audits, this security framework enables your organization to employ what-if scenarios for new technologies and processes aimed at accelerating design and production, using data more effectively and lowering IT costs. Examples include:
- Securing design and engineering environments to mitigate against risks from advanced persistent threats
- Consolidating regional facilities and reducing the number of bare metal desktops with vulnerabilities
- Increasing productivity and collaboration among designers, engineers, partners, joint ventures and suppliers
Our enterprise security roadmap involves a three-phase approach for evaluating your current security posture, defining your priorities and migrating to your desired future state, along with ongoing monitoring:
Assessment. We help evaluate your current state throughout the enterprise, measure your security maturity levels against your peers in the A&D industry and identify gaps in your program.
- Future state planning. We help you define your future state, identify remediation projects and assess the complexity and impact of each proposed project. Each project will have a defined set of goals, outcomes and anticipated improvements.
- Migration planning. Our team helps you prioritize improvement projects and rationalize your investments to develop a 3e- to 5-year enterprise security strategy.
- Ongoing monitoring. We help ensure that you are compliant going forward, particularly against new regulations.
This comprehensive framework is a valuable tool for audit preparation, budget planning and ensuring your improvement program stays on track. Our roadmap maturity model provides an at-a-glance view of how your enterprise compares to other A&D industry companies’ maturity ranges. It helps you plan key milestones to drive and prioritize projects to establish desired levels of maturity within each domain.
Security Controls Framework
Our Security Controls Framework helps your organization ensure compliance. The tool is used to perform repeatable compliance assessments that over time provide you with a cumulative view of your compliance program. You get a snapshot of your current state as well as any patterns or trends developing throughout the enterprise.
Our team will help you define the scope of applicable regulations or standards and perform a compliance gap assessment for each regulation. We review your security controls features, ranks them on a six-point scale and sets targets for controls enhancements. We then tests your controls and recommends corrective actions.
The controls framework can be implemented as a standalone service to evaluate compliance or as a component of your existing Compliance Assurance Program (CAP), to profile and monitor controls and support audit preparation.
In addition to these specialized cybersecurity services, we can help with every step of moving your enterprise to the cloud. We are one of the few companies in the world that can manage private and hybrid cloud transition and deliver IaaS that integrates mainframe, midrange, private and public cloud into an effective whole.
The DXC Agility Platform™ centralizes governance and security across multiple clouds and cloud providers, enabling you to rapidly launch new programs with standardized security controls.
With more than 50 years of experience in aerospace and defense, we are a global leader in next-gen IT services and solutions. DXC works closely with the world’s leading government and commercial A&D clients to transform traditional IT environments, manage and analyze data, secure IT environments, and take advantage of mobility and emerging technologies.