What Department of Defense Contractors Need to Know to Become Compliant
If you contract for the Department of Defense, you need to follow strict cybersecurity rules known as DFARS or face losing business. Here’s what you need to know.
What is DFARS?
DFARS stands for Defense Federal Acquisition Regulation Supplement. It’s a wide range of requirements for Department of Defense contractors that covers everything from labor practices to sourcing components domestically. Since 31 December 2017, DFARS has included cybersecurity standards designed to make sure government information remains confidential where necessary.
Contractors must not only meet the rules, but prove they have done so before they get a contract. The DoD can also audit companies mid-contract. If a company isn’t following the rules, the DoD could order it to stop work until it fixes the problem, cancel the contract immediately, or even ban the company from applying for future contracts.
The rules cover “Controlled Unclassified Information”. That’s a category for information that’s a step short of being Classified (where government security clearance is needed) but is still sensitive and has restricted access.
How DoD Contractors Can Comply
In theory, you can run your own checks using a government “Self Assessment Handbook” to make sure you meet (and continue to meet) the DFARS cybersecurity rules. In practice this can be tricky if you don’t have the relevant expertise; it can also suck up valuable resources. Another problem is that you may still be unsure you’ve definitely met the rules.
Another option is to use a service provider who specializes in DFARS consulting. They’ll have the experience and resources to audit your system, identify any shortfalls and put things right in the most efficient manner possible. They’ll also be able to give you peace of mind that you’ve met all the rules and even help out with the paperwork needed to prove your compliance when bidding for DoD contracts.