Has your business recently received an email prompting you to make sure your systems are DFARS 252.204 and NIST 800-171 compliant?
Maybe you have no idea what this means and you’re scrambling to figure out what to do. Here’s a quick rundown of what these terms mean and what it means for your business.
DFARS (Defense Federal Acquisition Regulation Supplement) is a DoD-specific supplement to the Federal Acquisition Regulation (FAR). It provides the acquisition regulations and requirements that apply to DoD procurement. More specifically, it restricts the origin of raw materials used by the US defense industry in order to protect that industry from becoming overly reliant on foreign sources of supply.
DFARS is important for your organization if you are a contractor or subcontractor with the DoD.
In that case, your organization needs to be compliant with the information security requirements of DFARS. The purpose is to protect the processing, storage, and transmission of information that must be shielded from unauthorized access. To meet these requirements, your organization must provide adequate security measures to protect this information and must rapidly report security incidents when they occur. To satisfy the requirement for “adequate security measures,” you must implement and be certified according to the NIST 800-171 standards. These measures can be implemented in house by your IT department or through a third-party managed service provider (MSP). If your organization is found not to be compliant with these standards, the DoD may suspend and eventually terminate your contract.
Just to reiterate, your organization needs to be DFARS compliant ONLY IF YOU ARE A CONTRACTOR/SUBCONTRACTOR WITH THE DOD. In that case, your organization needs to implement the NIST 800-171 controls in order to gain this compliance. But CIT can help your organization meet these criteria! We can help implement and certify your organization not just for NIST 800-171, but other security frameworks such as CIS and CMMC as well!
Corporate Information Technologies provides small to mid-market organizations with expert I.T. services, including compliance assessment, cybersecurity penetration tests, and comprehensive business continuity planning. Corporate Information Technologies can help organizations quantify, create, refine, and mitigate the risks presented by business-threatening disasters in whatever form they may be disguised.
Written by Michael Honrine