Defense Federal Acquisition Regulation Supplement (DFARS)

Cybersecurity attacks on the US Defense Industry increase in both sophistication and frequency Adversaries target anyone who possesses sensitive information including not only Government organizations, but also prime contractors, subcontractors and suppliers. As if January 1, 2018, all Department of Defense (DoD) contractors and subcontractors are required to comply with Defense Federal Acquisition Regulation Supplement (DFARS) 252.204-7012 Safeguarding Covered Defense Information (CDI) and Cyber Incident Reporting. The DFARS requirements are based on the National Institute of Standards & Technology (NIST) Special Publications (SP) 800-171.  This SP imposes baseline security standards and expanding the information that is subject to safeguarding. If an audit determines a failure to meet the requirements of the DFARS requirement, consequences may include criminal, civil, administrative, or contract penalties – including termination of contracts.

Key Impacts of DFARS include:

  1. Compliance: Must be achieved by meeting 110 security requirements across fourteen control categories additional (NIST SP 800-171 - industry best practice information);
  2. Incident Reporting: Contractors have 72 hours to report cyber incidents to the DoD Chief Information Officer (CIO); and
  3. Flowdown: DFARS 252.204-7012 Safeguarding Covered Defense Information and Cyber Incident Reporting must be flowed down to all suppliers / subcontractors who store, process and/or generate CDI as part of contract performance.

How CyberDx Helps with DFARS Compliance

In order to be DFARS compliant, you must begin with a complete scoping and readiness assessment to measure your compliance with the NIST SP 800-171 guidelines, then remediate gaps identified. Our highly qualified team of NIST compliance professionals–with 18 + years of cyber security and compliance experience–are ready to meet your readiness needs. We have mature and comprehensive processes that ensure your strengths and gaps are identified and quickly remediated.