
How to Prepare for DFARS Compliance

DFARS: Defense Federal Acquisition Regulation Supplement. A supplement to the Federal Acquisition Regulation (FAR) used by the Department of Defense. Any contractor that does business with the Department of Defense is required to comply with DFARS by December 31, 2017. 

Today, more than ever, the federal government relies heavily on external service providers and contractors to help carry out a wide range of federal missions and business functions. These outsourced contractors have access to sensitive federal information that requires protection.

The need to protect Controlled Unclassified Information (CUI)

Since 2010, the CUI program has governed how the federal government handles unclassified information that requires protection. Regarding contractors, the Federal Acquisition Regulation (FAR) clause has been in place since 2016 to apply the requirements of NIST Special Publication 800-171 to the contractor environment as well as to determine oversight responsibilities and requirements.

As of December 2015, the Defense Federal Acquisition Regulation Supplement (DFARS) clause 225.204-7012 requires contractors to implement NIST Special Publication (SP) 800-171 standards as soon as practical, but no later than December 31, 2017.

Contractors that work with the Department of Defense need to provide an acceptable level of security if they want to be allowed to receive information that the DoD has determined to be sensitive.

How to prepare for DFARS compliance

Cybriant is well-versed in the NIST 800-171 standards and can assess your situation and recommend a plan. NIST SP 800-171 compliance is a dynamic process. Your IT systems, as well as government security standards, are always changing. Achieving compliance is only the start; maintaining compliance is an ongoing process. Automating your company’s monitoring program is the ideal way to ensure ongoing success in maintaining and documenting compliance continuously.

Here are four checkpoints to have in place to help you prepare for DFARS compliance:

  1. Security Controls
  2. Cyber Incident Reporting
  3. Information Systems Security Assessments
  4. Information Security Continuous Monitoring

If you are a company that does business with the Department of Defense, contact Cybriant today. We’ll help you prepare for the upcoming DFARS compliance deadline of December 31, 2017. This is potentially a 6 – 12 month engagement, so get started today.
