conduct penetration testing of its operations to help ensure that it is able to meet the government’s requirements for cybersecurity and the protection of government owned sensitive but unclassified information.

Essay Help

18 Apr 2022 Homework Help

conduct penetration testing of its operations to help ensure that it is able to meet the government’s requirements for cybersecurity and the protection of government owned sensitive but unclassified information.

Sifers-Grayson

Background

Sifers-Grayson is a family owned business headquartered in Grayson County, Kentucky, USA. The company’s physical address is 1555 Pine Knob Trail, Pine Knob, KY 42721. The president of the company is Ira John Sifers, III. He is the great-grandson of one of the company’s founders and is also the head of the engineering department. The chief operating officer is Michael Coles, Jr. who is Ira John’s great nephew. Mary Beth Sifers is the chief financial officer and also serves as the head of personnel for the company.

Recent contracts with the Departments of Defense and Homeland Security have imposed additional security requirements upon the company and its R&D DevOps and SCADA labs operations. The company is now required to comply with NIST Special Publication 800-171 Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations. The company must also comply with provisions of the Defense Federal Acquisition Regulations (DFARS) including section 252-204-7012 Safeguarding Covered Defense Information and Cyber Incident Reporting. These requirements are designed to ensure that sensitive technical information, provided by the federal government and stored on computer systems in the Sifers-Grayson R&D DevOps and SCADA labs, is protected from unauthorized disclosure. This information includes software designs and source code. The contract requirements also mandate that Sifers-Grayson report cyber incidents to the federal government in a timely manner.

The company has agreed to allow an external Red Team to :

-conduct penetration testing of its operations to help ensure that it is able to meet the government’s requirements for cybersecurity and the protection of government owned sensitive but unclassified information. The company has also assigned personnel to conduct After Action Reviews of the penetration testing.