DFARS Compliance

Security as a Service.

2018-08-03T16:25:08-06:00

Defense Federal Acquisition Regulation Supplement

What is DFARS? What businesses does it affect?

Defense Federal Acquisition Regulation Supplement (DFARS) provides Department of Defense (DoD) specific acquisition regulations that contractors doing business with DoD must follow in the procurement process for goods and services.

DFARS protects a specific type of non-classified information, Controlled Unclassified Information (CUI), that is held by DoD contractors. Manufacturers who want a contract with the DoD, already have a defense contract, or are a downstream supplier to a defense contractor must all take steps to become compliant with DFARS.

The specific regulations are published by the National Institute of Standards and Technology (NIST) as NIST Special Publication 800-171: Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations.

How to become compliant with DFARS:

DFARS is a risk management-based confidentiality program at the organizational level. The data and corresponding systems are owned by business line leaders, and the responsibilities lie with them.

DFARS-compliant businesses must produce:

  • System Security Plan (SSP)
  • Plan of Actions and Milestones (POAM)
  • CUI Environmental Management Team (CEMT)

Peters & Associates can guide you through the compliance process to fulfill your obligations under DFARS. This includes generating or gathering security documents, making proactive plans to protect CUI, and assigning roles on a team tasked with overseeing DFARS compliance.

Should you worry about DFARS?

Check out our full DFARS webinar

What is Controlled Unclassified Information (CUI)?

Covered Defense Information and Controlled Technical Information

CUI can be loosely defined as information held by those with defense contracts that is not classified but is sensitive enough to require some protections by the DoD.

This data used to hold classification levels such as:

  • Sensitive But Unclassified
  • For Official Use Only
  • Law Enforcement Sensitive

The National Archives and Records Administration (NARA) decides what is classified as Controlled Unclassified Information (CUI). The Department of Defense must spell out clearly within the defense contract what information qualifies for this protection. The contract holder is then responsible for communicating with its downstream suppliers to ensure that compliance

For more information to get started with DFARS Compliance, contact a Peters & Associates representative:
