Download:
pdf |
pdfDEFENSE CONTRACT MANAGEMENT AGENCY
Defense Industrial Base Cybersecurity Assessment Center
3901 A. AVENUE, BUILDING 10500
FORT LEE, VIRGINIA 23801-1809
January 9, 2020
RAND Corporation
Attn: Brad Beverage, Director, Financial Reporting & Accounting Services
1776 Main Street
Santa Monica, CA 90401-3297
Dear Mr. Beverage:
On December 9 – 12, 2019, the Defense Contract Management Agency (DCMA)
Defense Industrial Base Cybersecurity Assessment Center (DIBCAC) performed a High
Confidence on-site Assessment of the RAND Corporation’s enterprise implementation of NIST
SP 800-171 at the RAND Corporate Office, Santa Monica, California, verifying compliance with
the DFARS Clause 252.204-7012, using NIST SP 800-171A, “Assessing Security Requirements
for Controlled Unclassified Information.”
The DIBCAC validated that the RAND Corporation is compliant with DFARS 252.2047012 with a Cybersecurity Readiness Score of 106 out of 110. Three Plans of Action are
required for NIST SP 800-171 requirements 3.1.9, 3.5.3, and 3.13.11. This enterprise-level,
High Confidence Assessment and Cybersecurity Readiness Score applies to any contract-level
system security plan that follows the RAND Arroyo System Security Plan. There are four
recommendations detailed in the attached DIBCAC Assessment 20-011 (enclosure 1).
For any inquiries relating to contract level system security plans, please contact DCMA
to determine if the specified plan falls within the assessed enterprise. Validation of contractlevel system security plans may require a medium confidence assessment by the DIBCAC or a
contracting entity outside of DCMA.
This assessment score of 106 shall be used for any requests relating to the RAND
Corporation Enterprise Cybersecurity Assessments for any contracts that fall within the
identified enterprise. The point of contact for inquiries into the use of this score for other
assessments is Mr. Darren King, DCMA DIBCAC Director, darren.j.king.civ@mail.mil, 804416-9263; or the Lead Assessor for this High Assessment of the RAND Corporation, Mr.
Nicholas DelRosso, nicholas.j.delrosso.civ@mail.mil, 570-615-7149.
Sincerely,
KING.DARREN.JOS
EPH.1015966218
Darren J. King
DIBCAC Director
Digitally signed by
KING.DARREN.JOSEPH.10159662
18
Date: 2020.01.09 17:25:08 -05'00'
Mr. Beverage
Page 2
Enclosure(s):
1) DIBCAC Assessment 20-011
Links:
None
cc:
Mr. Jeffrey Watts, ACO, DCMA Los Angeles, Western Regional Command
2
January 9, 2020
File Type | application/pdf |
File Title | December 7, 2009, 2:50 p |
Author | SBrantley |
File Modified | 2020-05-11 |
File Created | 2020-01-10 |