As more of the world’s data becomes digitized, cybersecurity is all the more important for those who work daily with sensitive information. Cybercrime is a particularly important issue for new Department of Defense contractors to take into consideration, and familiarity and compliance with the Defense Federal Acquisition Regulation Supplement, also known as DFARS, is paramount to keeping sensitive government data secure.
What Is DFARS?
DFARS is a supplement to the Federal Acquisition Regulation and is administered by the Department of Defense. The DFARS indicates legal requirements, Department of Defense policies, delegations of authorities, deviations of requirements, and procedures that have a significant effect on the federal government and American security. As a DoD contractor, it is important to become familiar with and stay updated on DoD policies when it comes to dealing with government information.
How It Affects You
As a DoD contractor, the most important thing to do is to stay updated on DFARS changes. Any subcontractors are also required to follow DFARS cybersecurity requirements, and it is the responsibility of the contractor to verify subcontractor compliance. In addition to compliance, contractors should expect cybersecurity audits. All DoD contractors, prime or sub, need to be ready for DoD-led audits of their internal IT processes. DoD contractors are required to have completed an assessment of the most current security protocols against an established standard, and this analysis must be documented in the contractor’s system security plan. Any gaps between the current protocols and the standard must be addressed, and a plan of action must be created to bring security back into compliance.
What You Need to Do
Any contractor that processes, stores or transmits Controlled Unclassified Information (CUI) is required to pass DFARS compliance. You will also be responsible for the compliance of all subcontractors you’ve hired that have access to CUI. Unfortunately, the DFARS compliance checklist is complicated and overwhelming. The government does provide a handbook called “Self Assessment Handbook – NIST Handbook 162” to assist potential contractors with coming into compliance. In addition, compliance providers are available to help contractors cross the compliance gap.
The world is rapidly being digitized, and data is being entered into digital formats faster than most companies can update their security. However, certain information is essential to national welfare and security. This is why the DFARS is set as a cybersecurity standard that all contractors who work with government departments are expected to follow. That information is crucial for DoD contractors and subcontractors.