DFARS Compliance

The Defense Federal Acquisition Regulation Supplement (DFARS)

Home » Services » DFARS Compliance

Services category: IT Compliance and Privacy

DFARS Compliance

The Defense Federal Acquisition Regulation Supplement (DFARS) is a set of cybersecurity regulations that requires all Department of Defense (DoD) prime contractors and subcontractors to implement “adequate security” based on a set of security controls referenced in NIST SP 800-171, and to conduct cyber incident analysis and reporting.

Share this content

To meet the minimum requirements, DoD contractors must:

  • Provide adequate security, and
  • Conduct cyber incident analysis and reporting

Adequate Security is provided by implementing “protective measures that are commensurate with the consequences and probability of loss, misuse, or unauthorized access to, or modification of information.”

A covered contractor information system is subject to the security requirements in the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171. DFARS contains fourteen groups of security requirements covering various components of IT information security. Contractor information systems must pass a readiness assessment of the following NIST SP 800-171 guidelines:

  • Access Control
  • Awareness and Training
  • Audit and Accountability
  • Configuration Management
  • Identification and Authentication
  • Incident Response
  • Maintenance
  • Media Protection
  • Personnel Security
  • Physical Protection
  • Risk Assessment
  • Security Assessment
  • System and Communications Protection
  • System and Information Integrity

Cyber incident analysis and reporting require an operational incident-handling capability for organizational information systems that includes adequate preparation, detection, analysis, containment, recovery, and user response activities.

Achieving Compliance

Elevate can help you assess your systems and processes to efficiently assess and manage DFARS compliance with each specific legislation/mandate.

Gap Analysis

Like any other gap analysis, the first step is to conduct a comprehensive review of all systems and processes. This analysis is then used to determine where you stand against the minimum requirements outlined in DFARS.

Remediation Plan

The outcome of the Gap Analysis is used to create the appropriate remediation plan in order to bring all systems and procedures into DFARS compliance. Elevate will also provide the documentation necessary to prove compliance with the DoD.

Long-Term Compliance - It is important to remember that compliance with SP 800-171 is only one step. Long-term compliance requires continuous assessment, monitoring, and process improvement. Elevate can help you with achieving and maintaining DFARS compliance.

CONTACT

>> This service article was last update on July 23, 2022
Contact Elevate today to learn more about DFARS Compliance

Elevate // +1 (888) 601-5351 // Monday to Friday 9am-6pm