What do I need to do to be DFARS compliant?

With the escalating cyber threats that affect the U.S. Government, the U.S. Department of Commerce issued a Defense Federal Acquisition Regulation Supplement (DFARS) to safeguard the U.S. Department of Defense’s (DoD) unclassified information. The regulation now requires all aerospace and defense companies to be compliant.

Roadmap to DFARS Compliance

In order to be considered DFARS compliant, organizations need to pass a readiness assessment according to the NIST SP 800-171 guidelines.

On average, it will take an organization about six to ten months to become compliant, depending on the organization’s current security status and the available resources they have at their disposal.

Planning is the key to ensure success in your DFARS compliance expedition. It is essential to treat this as a major project, with the mindset of having the needed resources and funding set ahead of time. Many companies hire specialists and consultants and this can really expedite the process, plus it can help an organization to avoid common errors.

Let’s look at an action plan or roadmap to guarantee your cloud environment is safe and compliant according to the DFARS mandate.

Step 1: Calculate Your Organization’s Applicability

Key Question: How can your organization stay relevant?

Using the controls listed in NIST SP 800-171, document the gaps between your current position and the expected end goal.

To ensure your organization is applicable, check off these essentials for Step 1:

  • Review all contracts to pinpoint important DFARS clauses and provisions.
  • Review DFARS to determine the type of CDI or CUI (see Clause 252.204-7012) that applies.
  • Check your applicability with the Contracting Officer as needed.
  • Define what systems, processes, programs, applications, hardware, software, people, etc. fall under the scope of your NIST 800-171 compliance.

Step 2: Build a Remedial Plan to Safeguard against Non-Compliance

Key Question: What is your current Security Status?

In order to stay NIST SP 800-171 compliant, make sure you can put a check next to these measures:

  • Conduct a control gap analysis against NIST SP 800-171.
  • Develop solutions for the identified defects that you find.
  • Meet with your subcontractors and other business partners to make sure you are both on track and in step for compliance.

Step 3: Implement Your Remediation Plan to Ensure Compliance

Key Question: Have you developed a plan of action to track your progress?

Developing a system security plan will give you the peace of mind in knowing that you are going to be compliant. You won’t have to worry about fines and penalties.

  • Develop or revise controls as needed to remedy the control gaps with NIST SP 800-171.
  • Organize your validation testing after remediation is completed to confirm controls are designed and operating effectively (You then need to make sure you have the agreement of your Contracting Officer).

Step 4: Continuously Monitor and Follow-Up

Key Question: How do you maintain constant monitoring to ensure compliance?

Establishing a plan to effectively monitor your compliance can be achieved by doing the following:

  • Use tools, templates, reports, and metrics to develop an ever-flowing monitoring program.
  • For accountability, organize monitoring activities and provide status updates to significant investors on your performance and progress.

Conclusion:

To Be DFARS Compliant, it is important to remember to set controls in place for current systems and data, while remembering the need to cover new systems and data as they are created. If you fail to keep this in mind, you will assuredly find yourself falling short of compliance.

There is a propensity within organizations to place an emphasis on the controls during the implementation phase, but once the system is up and running, they tend to take their foot off the gas and eyes off the road. Sustaining constant compliance is a never-ending process. You must continuously make sure that new data and systems are effectively classified and that the correct controls are applied. Once DFARS is running and business returns to normal, a high level of attentiveness must be maintained to guarantee the safety and compliance of your organization.


Managed Services
Managed IT Managed Service Desk Managed Cloud Services Managed Security Services Managed Backup and Disaster Recovery VOIP Phone Systems
Professional Services Page
IT Projects Migration Services Office 365 Development Business Systems Support Azure Cloud Solutions Anything as a Service (XAAS) Carrier Services
Archives by Subject

The three sectors with the biggest spending on cybersecurity are banking, manufacturing, and the central/federal government, accounting for 30% of overall spending (IDC).

More than 33 billion records will be stolen by cybercriminals by 2023, an increase of 175% from 2018.

The average cost of a data breach in the United States is $8.64 million, which is the highest in the world, while the most expensive sector for data breach costs is the healthcare industry, with an average of $7.13 million (IBM).

Forty-three percent of attacks are aimed at SMBs, but only 14% are prepared to defend themselves (Accenture).

40% of businesses will incorporate the anywhere operations model to accommodate the physical and digital experiences of both customers and employees (Techvera).

The cost of cybercrime is predicted to hit $10.5 trillion by 2025, according to the latest version of the Cisco/Cybersecurity Ventures “2022 Cybersecurity Almanac.”.

It takes an average of 287 days for security teams to identify and contain a data breach, according to the “Cost of a Data Breach 2021” report released by IBM and Ponemon Institute.

The internal team was energized. With the Level 1 work off its plate, the team turned its attention to the work that fueled company growth and gave them job satisfaction.

Large Healthcare Company

We did a proof of concept that met every requirement that our customer might have. In fact, we saw a substantial improvement.

Steve Fout, VP Sales, Godlan, Inc

We did everything that we needed to do, financially speaking. We got our invoices out to customers, we deposited checks, all the things we needed to do to keep our business running, and our customers had no idea about the tragedy. It didn’t impact them at all.

Denise Koontz, CFO, Got You Floored

“We believe our success is due to the strength of our team, the breadth of our services, our flexibility in responding to clients, and our focus on strategic support.”

Dynamic Quest

Our Vendors