Cybersecurity 101

Online Course for DoD Contractors

Education on the DFARS Cybersecurity Requirements

Totem.Tech’s Cybersecurity 101 educational resource was created by our cybersecurity engineers and compliance analysts after  working through our DoD compliance and assisting dozens of contractors with their DoD requirements. It is important to us that our customers understand the importance of cybersecurity, even though most don’t have a cybersecurity or an IT background. We have taken a complex topic and simplified it. Each of the seven-week readings are easy to understand, self-paced, with full online accessibility or printable in PDF format. 

Included in this seven-week educational series is a 30 minute compliance assessment with one of our cyber engineers using the DoD’s Assessment Methodology. This will help you understand how the DoD would score your company’s cybersecurity compliance.  

The goal from our engineers and analysts was to provide clarity and practical guidance on many common questions about the compliance process. Here are some of those questions:

• Which DoD contractors need to complete the DFARS cybersecurity requirements?

• How do I get started with becoming complaint with DFARS cybersecurity requirements?

• If I utilize the cloud, am I still required to comply with DFARS cybersecurity requirements?

• What do I show auditors when they ask if my organization is DFARS compliant?

• Why does my organization need an incident response plan?

• What is the Cybersecurity Maturity Model Certification (CMMC)?

1.1 Brief overview of cybersecurity requirements and why they are there.

1.2 Does every Government Contractor have to comply? What is CDI? Do I have any CDI?

1.3 First Step: Segregating or co-mingling CDI with other corporate data.

2.1 Introduction to System Security Plans (SSP).

2.2 FARS 17 – How to prioritize implementation.

2.3 Addressing the other challenging controls.

3.1 Introduction to Plan of Actions and Milestones (POA&M).

3.2 Risk Assessment vs. Control Assessment.

4.1 Proactive doesn’t mean no incidents: Differences between an event, incident, and breach.

4.2 Introduction to Incident Response Plans.

4.3 Incident Response Reporting.

5.1 What is the cloud? Can I use it for DFARS compliance?

5.2 FedRamp and cloud service security requirements.

5.3 Who is responsible if there is a breach?

6.1 Importance of company buy-in to your cybersecurity policies.

6.2 Where to start? Company training and Authorized Use Policies (AUP).

7.1 Differences between control assessment, vulnerability scanning, pen testing, and risk assessments.

7.2 Schedule compliance assessment (included in DFARS Cybersecurity 101 class).