Compliance Made Easy – All About DFARS

 

The top ten cybersecurity companies reflect the speed and scale of innovation.

42% of all endpoints are unprotected, and 100% of endpoint security tools eventually fail.

Zero Trust Privilege helps grant least privilege access based on verifying who is requesting it.

Autonomous threat hunting capitalizes on connecting to multiple channels and detects the signs of potential cyber-attacks.

What is DFARS?

The DFARS (Defense Federal Acquisition Regulation Supplement) requires defense contractors to comply with specific cybersecurity requirements detailed in NIST 800-171. These standards specify the proper manner in which covered defense information (CDI) or controlled unclassified information (CUI) must be handled and protected.

DFARS applies to all prime and subcontractors doing business with the Department of Defense. If you don’t handle CDI/CUI, you must still get an exception and may still need to comply with DFARS and NIST 800-171.

Latest News


While the December 31st deadline set by DoD has come and gone, compliance with DFARS remains extremely critical.
Prime contractors and subcontractors who have not fully implemented NIST 800-171 must at least have a System Security Plan (SSP) and a Plan of Action and Milestones (POA&M) in place that accurately reflect their status.
As part of our DFARS consulting process, Secure Open Solutions will be able to provide this vital documentation for you in a timely and cost-effective manner.

DFARS applies to all prime and subcontractors doing business with the Department of Defense. If you don’t handle CDI/CUI, you must still get an exception and may still need to comply with some parts of NIST 800-171.

If you’re new to federal contracting or interested in working with the DoD, let this post serve as an outline or introduction to DFARS compliance. DFARS, much like FAR, is massive. There are tons of requirements depending on what products or services you offer. We can’t go into every little detail for every situation, so we’re going to cover the basics.

How NIST Cybersecurity Resources Works
Defense Acquisition University
Guidance on Cybersecurity Audits
DOD CIO Resources

Security Requirements: Imposes 15 specific basic safeguarding requirements on information systems where Federal contract information resides or transits. These safeguarding requirements focus on (i) prohibiting contractors from processing nonpublic government information on publicly available computers and from posting such information on publicly available web-pages.

The Cyber Market

When looking for a solution

There are more than 1,200 cybersecurity companies competing in the cybersecurity market today.
Organizations need to respond to cyber threats today with more adaptive, contextually intelligent security solutions based on a “never trust, always verify, enforce least privilege” approach to privileged access, from inside or outside the network.
Here are some of the companies to consider when searching for the best solution:

NIST 800-171


The requirements

        • Access Control.
        • Awareness and Training.
        • Audit and Accountability.
        • Configuration Management.
        • Identification and Authentication.
        • Incident Response.
        • Maintenance.
        • Media Protection.

DFARS – Defense Federal Acquisition Regulation Supplement

A supplement to the FAR that provides DoD-specific acquisition regulations that DoD government acquisition officials – and those contractors doing business with DoD – must follow in the procurement process for goods and services.

The severe cost resulting from gaps in a company’s network infrastructure is not always obvious to business owners. Many small businesses are simply unaware they are at risk. It is easy to assume that threats like cyber terrorism, ransomware, or network intrusion are only concerns for government agencies or large corporations. The reality is that cyber security has evolved, and those who seek to exploit open vulnerabilities have begun to target smaller businesses and organizations. Sophisticated cyber criminals and rogue nation-states seek to steal information and money wherever they find a path of least resistance, and are actively focusing their attacks on an unsuspecting and unprepared small business community.

Defense Federal Acquisition Regulation Supplement (DFARS) and Procedures, Guidance, and Information (PGI)


Blogs and Articles of Interest


How NIST Cybersecurity Resources Works Together

Severe cost can result from gaps in a company’s network infrastructure.

Sophisticated cyber criminals and rogue nation-states have begun to steal information and money wherever they find a path of least resistance, and are actively focusing their attacks on an unsuspecting and unprepared small business community.


DoD has introduced Cybersecurity Maturity Model Certification (CMMC) that will incorporate DFARS / NIST 800-171