Understanding the OASIS+ Cybersecurity Requirements

OASIS+ is here! It will provide the first highly visible test of the contracting community’s response to the call for more rigorous cybersecurity.

Read the requirements of OASIS+, and you’ll see that your company needs pre-award C-SCRM – proof of your cybersecurity compliance. These requirements are the same ones that are currently necessary for all government contracts and are equivalent to CMMC Level 1.

What does that mean for your company? You should have a Cybersecurity Plan that provides documentation for how you meet 15 FAR security requirements, which are the same as 17 CMMC Level 1 minimum security controls.

Derek Kernus, Director of Cybersecurity Operations at DTS, and Mike Lombardi, Information System Security Manager for DTS, will explain the requirements in plain language and discuss a few ways these minimum requirements can be handled internally – saving thousands of dollars.

We’ll cover:

An easy-to-understand overview of OASIS+ security requirements from FAR 52.204-21―Basic Safeguarding of Covered Contractor Information Systems, and how they are the same as the 17 minimum security controls required for CMMC Level 1
Documenting compliance and what’s involved in writing a cyber security plan
Do-it-yourself options
3 signs that you may need outside help
Timing: How long does it take to write a cybersecurity plan?
Key dates for OASIS+
How early compliance can be used as a competitive advantage
Audience Q&A

Speaker and Presenter Information

Derek Kernus

Director of Cybersecurity OperationsDTS Consulting

Derek leads a team of cybersecurity professionals focused on helping federal contractors and other businesses build or remediate their cybersecurity programs to meet compliance requirements. In his role, he seeks growth opportunities in emerging technologies, enhances DTS’ use of technology solutions, and monitors the company’s own compliance. His insights benefit clients needing process improvement, technology transformation, and fractional CIO support. Mr. Kernus has a strong background in IT and Cybersecurity as well as government compliance. Before joining DTS, he was a successful regional manager for several strategic technology firms. Mr. Kernus’ leadership abilities were awarded the William and Mary Cypher Award and he served on the Executive Board for MBAA and the MBA Student Council. He holds a Master of Business Administration from William and Mary’s School of Business, Certified Information Systems Security Professional (CISSP) and Certified Cloud Security Professional (CCSP) certifications from ISC2, and is a Certified CMMC Professional from The Cyber AB.

Mike Lombardi

Information System Security ManagerDTS Consulting

Mike Lombardi leads DTS' CMMC remediation projects and oversees the ongoing compliance maintenance of DTS' MSSP customers as well as DTS' internal compliance programs. Prior to joining DTS, Mike worked as an ISSM for The MITRE Corporation tasked with attaining and maintaining Authorities to Operate for various classified information systems and programs and, before MITRE, as an Information Systems Technician in the United States Navy. Mike holds multiple industry recognized certifications, including CISSP, CASP, Security+, CEH,, CCNA, CMMC Certified Professional. Mike has completed a B.S. in Criminal Justice (2013), an M.S. in Homeland Security (2015), and an M.S. in Cybersecurity and Information Assurance (2020).

Relevant Government Agencies

Air Force, Army, Navy & Marine Corps, Intelligence Agencies, DOD & Military, Office of the President (includes OMB), Dept of Agriculture, Dept of Commerce, Dept of Education, Dept of Energy, Dept of Health & Human Services, Dept of Homeland Security, Dept of Housing & Urban Development, Dept of the Interior, Dept of Justice, Dept of Labor, Dept of State, Dept of Transportation, Dept of Treasury, Dept of Veterans Affairs, EPA, GSA, USPS, SSA, NASA, Other Federal Agencies, Legislative Agencies (GAO, GPO, LOC, etc.), Judicial Branch Agencies, CIA, FEMA, Office of Personnel Management, Coast Guard, National Institutes of Health, FAA, Census Bureau, USAID, National Guard Association, Federal Government, FDA, NSA, FCC