DFARS Compliance and Auditing
Help Your Organization Meet DFARS Compliance Security Standards
DoD and Federal Government contracts require that government and DoD contractors protect national defense information. To do business with the DoD and the federal government, DFARS compliance is required. In other words, contractors that process, store or transmit Controlled Unclassified Information (CUI) must meet DFARS minimum security standards. Also see: NIST 800-171 Compliance.
In short, like most of our Cybersecurity recommendations, DFARS Compliance requires you to take reasonable measures to secure your CUI data.
However, what if a cybersecurity breach should occur? Of course, DFARS Compliance outlines the proper steps to take to report the incident.
Above all, it’s important to note the following statement:
“A cyber incident that is reported by a contractor or subcontractor shall not, by itself, be interpreted as evidence that the contractor or subcontractor has failed to provide adequate security on their covered contractor information systems, or has otherwise failed to meet the requirements of the clause at 252.204-7012, Safeguarding Covered Defense Information and Cyber Incident Reporting. When a cyber incident is reported, the contracting officer shall consult with the DoD component Chief Information Officer/cyber security office prior to assessing contractor compliance (see PGI 204.7303-3(a)(3) (DFARS/PGI view)). The contracting officer shall consider such cyber incidents in the context of an overall assessment of a contractor’s compliance with the requirements of the clause at 252.204-7012.”
Of course, like most security compliance standards, these standards do not require you to guarantee that a cyber incident cannot occur. Instead, they require you to follow modern, accepted standards for security. Modern cybersecurity efforts make a security incident unlikely, but no amount of IT security can eliminate the risk of threats.
Technology Seed has a security team dedicated to DFARS Cybersecurity and Cybersecurity Assessments. As such, they work with organizations to ensure DFARS Compliance, among other standards.
It’s all they do, and they specialize in helping companies meet the requirements of DFARS, NIST 800-171, etc. First, we can perform an assessment on your organization. Second, we will identify and remediate areas of weakness. Last, we’ll plan for long-term security. In summary, the methods and tools we use are designed to keep your organization safe from a broad spectrum of threats.
Learn more about DFARS Compliance and Assessment services in NH and MA.
Call us: 603-458-7190