DFARS (NIST SP800-171)

DFARS is an acronym derived from Federal Acquisition Regulation Supplement. DFARS Part 252.204-7012 is also known as Safeguarding Covered Defense Information and Cyber Incident Reporting. The DFARS cybersecurity requirement is applicable to all DoD contractors and subcontractors who process Controlled Defense Information (CDI) in satisfaction of a military (sub)contract.

Not complying with the new DFARS regulation means a (sub)contractor cannot bid on DoD work. If a significant portion of your business is the satisfaction of DoD contract work, lack of compliance could mean loss of revenue and/or lost customers.

The DFARS requirement isn’t itself a cybersecurity framework, but a pointer to NIST SP800-171, which is a cybersecurity framework with the ultimate goal of protecting the confidentiality of CDI/CUI (Controlled Unclassified Information). NIST SP800-171 has 14 major requirements and several sub-requirements, none of which are earth-shattering. Partners in Regulatory Compliance (PIRC) is here to help companies make sense of the DFARS regulation and take actionable steps toward compliance.

PIRC aids companies with DFARS compliance requirements by offering a full package of cybersecurity services that maps directly to NIST SP800-171.

| DFARS (NIST SP800-171) Requirement | Our Service |
| --- | --- |
| In general, companies need to know where they stand today and where their current gaps are before they can work towards remediating those gaps. | DFARS Cybersecurity Gap Analysis |
| NIST SP 800-171 Requirement 3.2.1 | Security Awareness Training Program |
| NIST SP 800-171 Requirement 3.6.1 | Incident Response Policy |
| NIST SP 800-171 Requirement 3.11.1 | Risk Assessment |
| NIST SP 800-171 Requirement 3.11.2 | Vulnerability Assessment |
| NIST SP 800-171 Requirement 3.12.1 | Internal & External Combined Pen Test |
| NIST SP 800-171 Various Sections | Policy Review & Development |
| NIST SP 800-171 Requirements 3.1.13 & 3.1.17 | Include some kind of Exigent wireless config service here. |
| NIST SP 800-171 Requirement 3.1.19 | Include some kind of per device per month MDM solution that includes encryption here. |
| NIST SP 800-171 Requirement 3.8.6 | Include some kind of Windows/Mac encryption offering such as Sophos Safeguard under Exigent’s umbrella. |