The Defense Federal Acquisition Regulation Supplement (DFARS) is the Department of Defense (DoD) supplement to the Federal Acquisition Regulation. Its safeguarding clause, DFARS 252.204-7012, applies to every DoD contractor that handles Controlled Unclassified Information (CUI) and requires the contractor to implement the security requirements of NIST Special Publication 800-171. Contractors must meet this clause to be awarded DoD contracts, and each contractor must assess its own implementation of those requirements, either internally or through a third-party vendor.
Be DFARS Compliant
To be awarded DoD contracts, a company must implement the 110 security requirements of the National Institute of Standards and Technology (NIST) Special Publication 800-171. The Cybersecurity Maturity Model Certification (CMMC), expected in 2020 and discussed further below, adds independent verification of that compliance.
These regulations guard the DoD against both domestic and foreign cyber threats. The weakest link in the DoD supply chain is the inadequate security of outside contractors: large corporations that deal regularly with the government typically maintain strict cybersecurity controls, while smaller organizations often do not. Adversaries of the U.S. target these contractors because a breach at a supplier can expose military secrets without ever touching a DoD network. Disregard for the required controls therefore creates a serious national security risk. Among contractors, software and control system vendors pose the greatest potential risk, because a compromise of their products can propagate to every customer that deploys them.
Get Ready for CMMC
The Cybersecurity Maturity Model Certification (CMMC) is a means to enforce the DFARS safeguarding requirements. The DoD is expected to release the initial version of the CMMC in January 2020 and to begin implementing the certification by early June 2020. The processes outlined in the CMMC will reduce the risk of cyber threats to the supply chain and give small businesses a defined path to compliance. The CMMC will:
• Define cybersecurity standards and best practices at each of its maturity levels, so that the controls required of a contractor scale with the sensitivity of the information it handles.
• Build upon DFARS by adding a verification component, so that contractors must provide proof of compliance rather than self-attest.
• Accredit independent, third-party assessment organizations to perform audits and report findings.
• Provide an affordable avenue for small businesses to comply.
Safeguarding the DoD and the U.S.
In 2017, roughly $700 billion was authorized in the national budget for defense spending. A large portion of these resources was paid to private businesses providing goods and services to the DoD, that is, defense contractors. Every private entity that receives sensitive information, including military secrets, becomes an additional target for attackers. The U.S. government therefore has no choice but to impose regulations like those in DFARS and to enforce them through the CMMC. Contractors must verify their compliance or risk losing defense contracts.
Justus Daniel Eapen is a policy-level Organizational Transformation Consultant with over 25 years of experience in banking and government.