On January 21, 2019, Under Secretary for Defense Ellen M. Lord issued a memo notifying defense acquisition leaders of her intent to audit the DoD supply chain for DFARS compliance. The memo states that she has called upon the Defense Contract Management Agency (DCMA) to audit all prime contractors for compliance and assess their processes for compliance with the primes’ tier one suppliers.
Several of our clients have already undergone audits. To prepare for your own, schedule a free Preliminary Gap Assessment to get started on your compliance process. The Gap Assessment will help both you and us understand the security gaps in your IT network that need attention in order to comply with DFARS/NIST.
What is DFARS?
The DFARS (Defense Federal Acquisition Regulation Supplement) requires defense contractors to comply with specific cybersecurity requirements detailed in NIST 800-171. These standards specify the proper manner in which covered defense information (CDI) or controlled unclassified information (CUI) must be handled and protected.
To whom does it apply?
DFARS applies to all prime and subcontractors doing business with the Department of Defense. If you don’t handle CDI/CUI, you must still get an exception and may still need to comply with DFARS and NIST 800-171.
What are the penalties for non-compliance?
Failure to comply with DFARS may subject contractors to penalties either by the United States Government (e.g., criminal, civil, administrative, and contractual actions in law), or by people or private organizations impacted by related failures (e.g., actions for damages).
How to Meet Ongoing Requirements
To meet the ongoing compliance requirements, each organization must implement a formal process (internally or utilizing external resources) to address the following areas:...
Who is responsible for identifying and marking CUI/CDI? What if I have CUI/CDI on my smartphone or tablet (e.g., in company email) – do I need to use multifactor authentication in that case?...
Our highly-skilled team is able to provide custom solutions that make the compliance process faster and more financially manageable for our clients.
Phase I: 1-2.5 weeks Hardware, Software, and Installation
A combination of private servers and open source or commercial software solutions is implemented to meet the NIST security standards.
Phase II: 1-2.5 weeks Documentation and Training
An organizational System Security Plan (SSP) and Plan of Action & Milestones (POA&M) shall be created based on the fourteen families of security controls detailed in NIST SP 800-171.
Phase III: Ongoing DFARS compliance and IT Support
Ongoing DFARS compliance consulting and the services required to maintain DFARS compliance, including technical support to the organization.
Full DFARS Compliance in 2-5 weeks!
SIGN UP FOR A FREE CONSULTATION TODAY. You will receive a customized proposal with a price quote and timeline for DFARS compliance. Note: Please have someone knowledgeable about your IT system present on the call.
“SOS provided a flexible and comprehensive DFARS compliance solution that offered the custom focus that I was looking for.” - Jeff deGuzman, CEO Advanced Computer Support, Inc.
“I have been in the IT industry for nearly 30 years, but I am a novice when it comes to regulatory cybersecurity compliance. SOS has been a great organization to partner with to help train us in those areas.” - Joe Bond, CEO Dynamic Management Associates
“We consider SOS our business partner and one of our main resources for data security. We believe an organization of any size would benefit from working with them.” - Mark Caldwell, General Manager MASSA