RAND DIBCAC Assessment Report

RAND_DIBCAC_Assessment_Report_Jan2020 Memo.pdf

Qualitative Data Collection on Access to Food on and Near Military Installations

RAND DIBCAC Assessment Report

OMB: 0704-0665

Document [pdf]
Download: pdf | pdf
DEFENSE CONTRACT MANAGEMENT AGENCY
Defense Industrial Base Cybersecurity Assessment Center
3901 A. AVENUE, BUILDING 10500
FORT LEE, VIRGINIA 23801-1809

January 9, 2020
RAND Corporation
Attn: Brad Beverage, Director, Financial Reporting & Accounting Services
1776 Main Street
Santa Monica, CA 90401-3297
Dear Mr. Beverage:
On December 9 – 12, 2019, the Defense Contract Management Agency (DCMA)
Defense Industrial Base Cybersecurity Assessment Center (DIBCAC) performed a High
Confidence on-site Assessment of the RAND Corporation’s enterprise implementation of NIST
SP 800-171 at the RAND Corporate Office, Santa Monica, California, verifying compliance with
the DFARS Clause 252.204-7012, using NIST SP 800-171A, “Assessing Security Requirements
for Controlled Unclassified Information.”
The DIBCAC validated that the RAND Corporation is compliant with DFARS 252.2047012 with a Cybersecurity Readiness Score of 106 out of 110. Three Plans of Action are
required for NIST SP 800-171 requirements 3.1.9, 3.5.3, and 3.13.11. This enterprise-level,
High Confidence Assessment and Cybersecurity Readiness Score applies to any contract-level
system security plan that follows the RAND Arroyo System Security Plan. There are four
recommendations detailed in the attached DIBCAC Assessment 20-011 (enclosure 1).
For any inquiries relating to contract level system security plans, please contact DCMA
to determine if the specified plan falls within the assessed enterprise. Validation of contractlevel system security plans may require a medium confidence assessment by the DIBCAC or a
contracting entity outside of DCMA.
This assessment score of 106 shall be used for any requests relating to the RAND
Corporation Enterprise Cybersecurity Assessments for any contracts that fall within the
identified enterprise. The point of contact for inquiries into the use of this score for other
assessments is Mr. Darren King, DCMA DIBCAC Director, darren.j.king.civ@mail.mil, 804416-9263; or the Lead Assessor for this High Assessment of the RAND Corporation, Mr.
Nicholas DelRosso, nicholas.j.delrosso.civ@mail.mil, 570-615-7149.
Sincerely,

KING.DARREN.JOS
EPH.1015966218
Darren J. King
DIBCAC Director

Digitally signed by
KING.DARREN.JOSEPH.10159662
18
Date: 2020.01.09 17:25:08 -05'00'

Mr. Beverage

Page 2

Enclosure(s):
1) DIBCAC Assessment 20-011
Links:
None
cc:
Mr. Jeffrey Watts, ACO, DCMA Los Angeles, Western Regional Command

2

January 9, 2020


File Typeapplication/pdf
File TitleDecember 7, 2009, 2:50 p
AuthorSBrantley
File Modified2020-05-11
File Created2020-01-10

© 2024 OMB.report | Privacy Policy