DFARS and What It Can Do to Your Business

The Defense Federal Acquisition Regulation Supplement (DFARS) is the Department of Defense's supplement to the Federal Acquisition Regulation (FAR). It governs how the DoD acquires goods and services from contractors. The White House issued Executive Order (EO) 13556 in November 2010, establishing the Controlled Unclassified Information (CUI) program as a uniform way of marking and protecting sensitive but unclassified information across civilian and defense agencies.

Cyberattacks against the military itself are not uncommon. Defense contractors, however, are also privy to sensitive, and in some cases classified, information about the systems and programs they work on. The worry is that this information can be reached instead through a data breach at one of these contractors.

Cyberattack patterns indicate that, for the most part, the prime contractors are not targeted directly; larger companies tend to have more robust cybersecurity measures in place. Instead, attackers go after the small to medium-sized businesses to which these primes subcontract work, since the same information flows down the supply chain to organizations with fewer defenses.

DFARS compliance services exist to help contractors meet the information security requirements every defense contractor must satisfy, yet many small and medium-sized businesses with military contracts still struggle to meet them. With the consequences of a cyberattack on one side and the consequences of violating DFARS on the other, how can small to midsize businesses navigate?

What DFARS Compliance Services Mean for Your Business

The requirements apply to all prime and subcontractors for the Department of Defense (DoD) who handle covered defense information (CDI) or CUI, or who have DFARS provision 252.204-7008 (and its companion clause, 252.204-7012, Safeguarding Covered Defense Information and Cyber Incident Reporting) in their contract. If you fall into this category, you must implement the NIST SP 800-171 minimum security requirements and report cyber incidents to the DoD within 72 hours of discovery.

For contracts awarded before October 1, 2017, you had 30 days from contract award to notify the DoD Chief Information Officer (CIO) of any NIST SP 800-171 requirements not yet implemented. Requirements that were not yet met had to be tracked in a Plan of Action and Milestones (POA&M) and implemented no later than December 31, 2017; today, full implementation is expected at the time of award.

Consulting DFARS compliance services to ensure you meet your requirements will help you avoid attacks and data breaches in the first place. Although a breach does not automatically trigger a penalty, it may subject you to an audit, which could then result in:

  • Suspension of your contract until you are fully DFARS compliant
  • Loss of the contract in full
  • Penalties for breach of contract
  • Suspension or debarment from working with government agencies

These harsh realities could mean the end of your SMB: if work of this kind makes up the bulk of your contracts, then failing to adhere to DFARS could be catastrophic. On the flip side, a full-time IT security team may be something you can ill afford, and that is before you factor in the cost of the infrastructure and new technology you need to keep your business fully compliant at all times.

It is also worth bearing in mind that DFARS requirements continue to change. If you want to stay in a position to bid for government contracts, it is highly recommended that you consult professional DFARS compliance services to help you understand your responsibilities and what your options are going forward.