While the December 31st deadline set by DoD has come and gone, yet compliance with DFARS remains extremely critical.
Prime contractors and subcontractors who have not fully implemented NIST 800-171 must at least have a System Security Plan (SSP) & a Plan of Action and Milestones (POA&M) in place that accurately reflects their status.
As part of our DFARS consulting process Secure Open Solutions will be able to provide this vital documentation for you in a timely and cost effective manner.
DFARS applies to all prime and subcontractors doing business with the Department of Defense. If you don’t handle CDI/CUI you must still get an exception and may still need to comply with some parts of NIST 800-171
If you’re new to federal contracting or interested in working with the DoD, let this post serve as an outline or introduction to DFARS compliance. DFARS, much like FAR, is massive. There are tons of requirements depending on what products or services you offer. We can’t go into every little detail for every situation, so we’re going to cover the basics.