

Learn everything you need to know about 'DFARS Compliance'.

DoD is Auditing Defense Contractors.

On January 21, 2019, Under Secretary for Defense Ellen M. Lord issued a memo notifying defense acquisition leaders of her intent to audit the DoD supply chain for DFARS compliance. The memo states that she has called upon the Defense Contract Management Agency (DCMA) to audit all prime contractors for compliance and to assess their processes for ensuring compliance by the primes' tier one suppliers.

Several of our clients have already undergone audits. To prepare for your own, schedule a free Preliminary Gap Assessment to get started on your compliance process. The Gap Assessment will help both you and us understand which security gaps in your IT network need attention in order to comply with DFARS/NIST.



What is DFARS?

The DFARS (Defense Federal Acquisition Regulation Supplement) requires defense contractors to comply with specific cybersecurity requirements detailed in NIST 800-171. These standards specify the proper manner in which covered defense information (CDI) or controlled unclassified information (CUI) must be handled and protected.

To whom does it apply?

DFARS applies to all prime and subcontractors doing business with the Department of Defense. If you don’t handle CDI/CUI, you must still get an exception and may still need to comply with DFARS and NIST 800-171.

What are the penalties for non-compliance?

Failure to comply with DFARS may subject contractors to penalties either by the United States Government (e.g., criminal, civil, administrative, and contractual actions in law), or by people or private organizations impacted by related failures (e.g., actions for damages).

Our Expert Publications on DFARS & NIST 800-171

Active Directory & DFARS 

To meet compliance requirements, proactive and preventative measures that should be implemented for securing Active Directory include...

How to Meet Ongoing Requirements 

To meet the ongoing compliance requirements, each organization must implement a formal process (internally or utilizing external resources) to address the following areas:...


Who is responsible for identifying and marking CUI/CDI? What if I have CUI/CDI on my smartphone or tablet (e.g., in company email) – do I need to use multifactor authentication in that case?...

Cybersecurity Maturity Model Certification (CMMC)

DoD's new Cybersecurity Maturity Model Certification (CMMC) will build upon DFARS 252.204-7012 and the NIST 800-171 controls...

NIST 800-171 Audit

Realistically, organizations have only one or two chances at successfully passing their information system audit for compliance with NIST 800-171...

We Provide a Customized Approach

Our highly-skilled team is able to provide custom solutions that make the compliance process faster and more financially manageable for our clients.  

DFARS Consultants

DFARS Compliance Program

Start: Free Gap Assessment

Phase I: 1-2.5 weeks Hardware, Software, and Installation  

A combination of private servers and open source or commercial software solutions is implemented to meet the NIST security standards.

Phase II: 1-2.5 weeks Documentation and Training

An organizational System Security Plan (SSP) and Plan of Action & Milestones (POA&M) shall be created based on the fourteen families of security controls detailed in NIST SP 800-171.

Phase III: Ongoing DFARS compliance and IT Support

Ongoing DFARS compliance consulting and the services required to maintain DFARS compliance, including technical support to the organization.

Full DFARS Compliance in 2-5 weeks!

SIGN UP FOR A FREE CONSULTATION TODAY. You will receive a customized proposal with a price quote and timeline for DFARS compliance. Note: Please have someone knowledgeable about your IT system present on the call.

Client Testimonials

“SOS provided a flexible and comprehensive DFARS compliance solution that offered the custom focus that I was looking for.” - Jeff deGuzman, CEO Advanced Computer Support, Inc.

“I have been in the IT industry for nearly 30 years, but I am a novice when it comes to the regulatory cybersecurity compliance. SOS has been a great organization to partner with to help train us in those areas.” - Joe Bond, CEO Dynamic Management Associates

“We consider SOS our business partner and one of our main resources for data security. We believe an organization of any size would benefit from working with them.” - Mark Caldwell, General Manager MASSA
