
How to Prepare for DFARS Compliance


DFARS: Defense Federal Acquisition Regulation Supplement. A supplement to the Federal Acquisition Regulation (FAR) used by the Department of Defense. Any contractor that does business with the Department of Defense is required to be in compliance with DFARS by December 31, 2017. 

Today, more than ever, the federal government is relying heavily on external service providers and contractors to help carry out a wide range of federal missions and business functions. These outsourced contractors have access to sensitive federal information that requires protection.

The need to protect Controlled Unclassified Information (CUI)

Since 2010, the CUI program has been in place to govern the way the federal government handles unclassified information that requires protection. For contractors, the Federal Acquisition Regulation (FAR) clause has been in place since 2016 to apply the requirements of NIST Special Publication 800-171 to the contractor environment and to determine oversight responsibilities and requirements.

As of December 2015, the Defense Federal Acquisition Regulation Supplement (DFARS) clause 225.204-7012 requires contractors to implement NIST Special Publication (SP) 800-171 standards as soon as practical, but not later than December 31, 2017.
Contractors that work with the Department of Defense need to provide an acceptable level of security if they want to be allowed to receive information determined by DoD to be of a sensitive nature.

How to prepare for DFARS compliance

Cybriant is well-versed in the NIST 800-171 standards and can assess your situation and recommend a plan. NIST SP 800-171 compliance is a dynamic process. Your IT systems, as well as government security standards, are always changing. Achieving compliance is only the start; maintaining compliance is an ongoing process. Automating your company’s monitoring program is the ideal way to ensure ongoing success in maintaining and documenting compliance on a continuous basis.

Here are four checkpoints to have in place to help you prepare for DFARS compliance:

  1. Security Controls
  2. Cyber Incident Reporting
  3. Information Systems Security Assessments
  4. Information Security Continuous Monitoring

If you are a company that does business with the Department of Defense, contact Cybriant today. We’ll help you prepare for the upcoming DFARS compliance deadline of December 31, 2017. This is potentially a 6 – 12 month engagement, so get started today.
