DFARS COMPLIANCE

[compliance for defense contractors and subcontractors]

DFARS COMPLIANCE OVERVIEW

Department of Defense contractors and subcontractors must comply with a cybersecurity program under the Defense Federal Acquisition Regulation Supplement (DAFRS). In order to comply with DFARS, contractors must address numerous clauses within, including:

  • 252.204-7008: Compliance with Safeguarding Covered Defense Information Controls
  • 252.204-7012: Safeguarding Covered Defense Information and Cyber Incident Reporting with the Application of NIST SP 800-171 controls

The deadline for compliance was December 31, 2017. If you have not implemented the regulations by now, you’re at risk for losing current and future DoD contracts.

WHAT IS NIST SP 800-171?

  • NIST 880-171 applies to Controlled Unclassified Information (CUI) for non-federal systems
  • Based on NIST SP 800-53 Security and Privacy Controls for Federal Information Systems and Organizations
  • Fourteen security control families
  • One-hundred ten security controls

THE DEADLINE IS HERE