DFARS Compliance is Here to Stay

If you wish to do business with the United States government, there are strict cybersecurity protocols in place. As one of the most sophisticated and sensitive departments of the federal government, the U.S. Department of Defense (DoD) is no exception. That’s why the DoD gave partner firms dealing with Covered Defense Information (CDI) a strict deadline to meet new cybersecurity requirements in December 2017.

CDI requirements are spelled out in clauses 252.204-7008 (Compliance with Safeguarding Covered Defense Information Controls) and 252.204-7012 (Safeguarding Covered Defense Information and Cyber Incident Reporting) of the Defense Federal Acquisition Regulation Supplement known as DFARS.

DFARS provides a set of “basic” security controls for contractor information systems on which CDI resides, the National Institute of Standards and Technology (NIST) says. In total, 110 controls must be implemented at the contractor and subcontractor levels, based on best practices set in NIST Special Publication 800-171, Protecting Covered Defense Information in Nonfederal Systems and Organizations.

These security requirements are still mandatory to secure and execute contracts with the DoD, and the U.S. government is making sure firms stay compliant. Since the 2017 deadline, the DoD has further ramped up its scrutiny of partner firms' adherence to its DFARS standards. In January 2019, Secretary for Defense Ellen M. Lord called for the Defense Contract Management Agency (DCMA) to audit all top-tier DoD suppliers for DFARS compliance. This marked the department’s first move to audit firms on their adherence to these standards.

That’s not all. In September 2018, the U.S. Navy issued a memorandum seeking enhanced cybersecurity requirements for its partner firms. And in June 2019, NIST released a draft revision 2 for NIST SP 800-171, which provided “minor editorial changes in Chapters One and Two, and in the Glossary, Acronyms, and References appendices.”

With increased regulation and oversight, it’s crucial that firms with DoD contracts remain DFARS compliant if they wish to keep this portion of their business. That’s why firms should partner with a trustworthy third party that specializes in DFARS protocols. An experienced third party can efficiently support a firm’s implementation and maintenance of DFARS standards and controls.

TalaTek is a leader in DFARS compliance. To learn more about how TalaTek can support organizations with its DFARS Jump Start program, please visit https://talatek.com/ecms-dfars-nist-800-171-compliance-assessment/.