All businesses that serve the Department of Defense (DoD) must comply with the mandates of the Defense Federal Acquisition Regulations (DFARS). The DFARS have recently changed, adding new requirements for companies to safeguard DoD information and put in place new incident response procedures.
What you need to know:
- Although security and use of technology are touched on in many areas of the DFARS, the most significant changes are known as DFARS Part 252.204-7012. Most in the industry call the new changes “7012 Compliance”.
- The acronym CDI stands for Covered Defense Information. CDI is any information that is provided to the contractor by or on behalf of DoD in connection with the contract. It is also any information collected, developed, received or transmitted by the contractor in performance of the contract.
- Contractors must fully understand what CDI they create, process, store or transmit. CDI must be protected with adequate security controls, which are going to be as strong as or stronger than those reflected in NIST Special Publication 800-171.
- Contractors must also be able to detect unauthorized access to CDI and have an incident response plan that complies with the DFARS guidance, including reporting requirements.
- These rules apply to all contractors doing work with DoD, including subcontractors.
- You must be compliant in 2017. The deadline is December 31, 2017. But sooner is better.
- The cost of compliance is considered an allowable cost under Federal Acquisition Regulation (FAR)/Cost Accounting Standards (CAS).
Cognitio can help your business smartly achieve full compliance with DFARS regulations on both cybersecurity and insider threat requirements. We can give you a leg up in your need to classify your systems and data, your tailoring and enhancing of controls over your systems, and in ensuring your spend for security is optimized.
And for those firms in need of specialized support to more rapidly execute on DFARS compliance, we offer a tailored CTO as a Service offering which can put our experts directly on your team.
Contact us today and we will provide more information.