What is the Defense Federal Acquisition Regulation Supplement (DFARS)?

The Department of Defense (DoD) administers the Defense Federal Acquisition Regulation Supplement (DFARS), which implements and supplements the Federal Acquisition Regulation (FAR). The DFARS includes legal requirements, DoD-wide policies, deviations from FAR requirements, and policies/procedures that impact the public. It should be read alongside the primary rules in the FAR. Compliance with DFARS is necessary for defense contractors and suppliers seeking new DoD contracts.

As technology advances and cybersecurity threats become more severe, the federal government is placing a higher priority on protecting sensitive defense information.

The enforcement of measures for protecting Controlled Unclassified Information (CUI) and Covered Defense Information (CDI) has increased significantly for private defense contractors and other nonfederal information systems and organizations that collaborate with the federal government.

These entities are often required to update their security to comply with new requirements.

The Department of Defense compliance requirements for Defense Federal Acquisition Regulation Supplement (DFARS) were first published in December 2015. These requirements are designed to uphold cybersecurity standards set by the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171.

The specific purpose of these standards is to safeguard Controlled Unclassified Information (CUI) that is under the control of defense contractors.

NIST SP 800-171 took effect on December 31, 2017, requiring contractors to meet the minimum standards for DFARS compliance and demonstrate that compliance to the DoD.

Failure to meet these requirements may lead to fines, the termination of current DoD contracts, and the inability to secure a government contract in the future.

The following list displays the countries that meet the qualifying criteria under DFARS, indicating that these countries have a reciprocal defense procurement memorandum of understanding or international agreement with the United States:

  • Australia
  • Austria
  • Belgium
  • Canada
  • Czech Republic
  • Denmark
  • Egypt
  • Estonia
  • Finland
  • France
  • Germany
  • Greece
  • Israel
  • Italy
  • Japan
  • Latvia
  • Luxembourg
  • Netherlands
  • Norway
  • Poland
  • Portugal
  • Slovenia
  • Spain
  • Sweden
  • Switzerland
  • Turkey
  • United Kingdom

Contractors who lack expertise in technical and security administration often find it challenging to meet these requirements, such as creating policy and procedure documentation, with their existing resources.

The main reason for this challenge is that meeting NIST SP 800-171 requirements calls for continuous monitoring and assessment for improvement, rather than a one-time solution. DoD contractors must allocate significant resources on an ongoing basis to ensure DFARS compliance, particularly due to the constantly changing requirements.

The Department of Defense (DoD) recognizes that data breaches can occur in even the most secure computing environments. By partnering with a third-party provider for NIST SP 800-171 compliance solutions, contractors can enhance their security measures to meet the DoD’s requirements without having to make significant capital investments for control development.

Need Assistance Becoming DFARS Compliant?  

Intech Hawaii is a globally ranked compliance service provider. We have a dedicated compliance management team to help your business meet your compliance needs. If you need our assistance, we’ll be happy to help you. Contact us today to schedule a consultation with our CMMC Registered Practitioner.
