
Defense Federal Acquisition Regulation Supplement, DFARS; What You Should Know


The Defense Federal Acquisition Regulation Supplement (DFARS) is a set of cyber security related regulations that defense contractors and suppliers are supposed to follow in all their dealings with the Department of Defense (DoD). DFARS generally provides, in detail, all the regulations that apply to DoD contractors and suppliers. Usually, it includes the minimum requirements a contractor or a supplier should meet. DFARS was a wake-up call following cyber threats and attacks and the advancement of technologies meant for cyber security. DFARS 252.204-7012, therefore, is meant to address cyber security related threats, which have become a top concern to the state governments.

The minimum requirements for both DoD contractors and suppliers are usually straightforward. First, contractors and suppliers are required to have enough security to ensure that DoD information is protected. The information referred to in this case is the information exchanged between the DoD contractor or supplier and the DoD. The security should be adequate to ensure that such information does not leak or get accessed by unauthorized or malicious parties. Secondly, DoD contractors and suppliers are required to report any incident involving cyber attacks or threats to the Department of Defense in a fast and efficient way. This allows the Department of Defense to mount a rapid response to such security threats or incidents and to the affected information or media. The DoD may also respond to such threats and incidents through implementation of robust security and malicious programs. Learn more at https://www.complyup.com/understanding-dfars-compliance.

The term “adequate security” may seem straightforward to meet in-house. However, DoD contractors and suppliers may have to cover more ground to achieve adequate security. To make this clearer, DFARS outlines some of the aspects that are likely to affect or compromise the security of information. To establish compliance with the DFARS regulations, a series of tests is usually carried out on the DoD contractors' and suppliers' information systems. A contractor or a supplier is deemed compliant by passing the assessment. For many DoD contractors, meeting adequate security as outlined by DFARS may be a challenge, especially with existing information technology (IT) infrastructure. In such a case, instead of relying on in-house expertise, most contractors resort to outsourcing to avoid incidents of non-compliance. Other contractor organizations work closely with consultants for insights and better decision making, especially when investing in IT infrastructure to meet adequate security. Read more about cyber security here: https://en.wikipedia.org/wiki/Federal_Acquisition_Regulation.