What is DFARS?
The DFARS (Defense Federal Acquisition Regulation Supplement) requires defense contractors to comply with specific cybersecurity requirements in NIST 800-171. These standards specify the proper manner in which covered defense information (CDI) or controlled unclassified information (CUI) must be handled and protected.
To whom does it apply?
DFARS applies to all prime and subcontractors doing business with the Department of Defense. If you don’t handle CDI/CUI, you must still get an exception and may still need to comply with DFARS and NIST 800-171.
What are the penalties for non-compliance?
Failure to comply with DFARS may subject contractors to penalties either by the United States Government (e.g., criminal, civil, administrative, and contractual actions in law), or by people or private organizations impacted by related failures (e.g., actions for damages).
On January 21, 2019, Under Secretary for Defense Ellen M. Lord issued a memo to defense acquisition leaders stating her intent to audit the DoD supply chain for DFARS compliance. The memo states that she has called upon the Defense Contract Management Agency (DCMA) to audit all prime contractors for compliance and assess their processes for compliance with the primes’ tier one suppliers.
We have already received a number of calls from our clients stating they have begun to receive notices.
Should your organization find itself subject to an audit, we encourage you to prepare for it by referring to our Free Continuous Monitoring and Tracking Document below.
To start the DFARS compliance process, schedule a Free Gap Assessment for your business. We'll take care of the rest.
Phase I: 1 week Hardware, Software, and Installation
$10K – $20K
A combination of private servers and open source or commercial software solutions is implemented to meet the NIST security standards.
Phase II: 1 week Documentation and Training
$4K – $8K
An organizational System Security Plan (SSP) and Plan of Action & Milestones (POA&M) shall be created based on the fourteen families of security controls detailed in NIST SP 800-171.
Phase III: Ongoing DFARS compliance and IT Support
Ongoing DFARS compliance consulting and services required to maintain DFARS compliance, including technical support to the organization.
Full DFARS Compliance in 2 weeks!
SIGN UP FOR A FREE GAP ASSESSMENT TODAY. It's a 45-minute phone session to identify the various gaps in your IT system. You will then receive a customized proposal with a price quote and timeline for DFARS compliance. Note: Please have someone knowledgeable of your IT system present on the call.
“SOS provided a flexible and comprehensive DFARS compliance solution that offered the custom focus that I was looking for.” - Jeff deGuzman, CEO Advanced Computer Support, Inc.
“I have been in the IT industry for nearly 30 years, but I am a novice when it comes to regulatory cybersecurity compliance. SOS has been a great organization to partner with to help train us in those areas.” - Joe Bond, CEO Dynamic Management Associates
“We consider SOS our business partner and one of our main resources for data security. We believe an organization of any size would benefit from working with them.” - Mark Caldwell, General Manager MASSA