Every business that works with the US Department of Defense needs to be compliant with the Defense Federal Acquisition Regulation Supplement (DFARS). This includes both contractors who work directly with the DoD and any subcontractors that in turn work with them.
Protecting controlled unclassified information (CUI) has been a top priority for the Department of Defense and its 200,000-strong supply chain in recent years. Facing increasing threats from state-sponsored attackers and cybercriminals, defense contractors and their subcontractors are now under increasing pressure to step up their cybersecurity.
The Defense Industrial Base (DIB) is one of the largest supply chains in the world, employing over a million people in 200,000 organizations. Protecting that supply chain from threats such as state-sponsored attackers and cybercriminals is no easy task, which is why there are strict rules in place governing the collection and usage of data pertaining to the DoD.
The DFARS 252.204-7012 documentation requires defense contractors and subcontractors to implement adequate security measures to protect controlled unclassified information (CUI). "Adequate security" is, of course, an extremely vague term that, by itself, is rather unhelpful.
Defense contractors operate in one of the most heavily regulated industry sectors of all. They face a wide range of threats from various sources, such as insider threats, social engineering, and state-sponsored attacks. Taking every possible step to achieve the standards demanded by the DFARS 252.204-7012 framework is essential to mitigate those risks and validate your efforts to remain compliant.
Defense Federal Acquisition Regulation Supplement (DFARS) Clause 252.204-7012 covers everything contractors must know about safeguarding covered defense information (CDI) and reporting cyber incidents. The Department of Defense (DoD) implemented DFARS 7012 to guide contractors and their suppliers on how to secure CDI that they store, transmit, or process.
Working as a contractor for the DoD requires compliance with the DFARS 252.204-7012 rules, which are based on the globally recognized NIST 800-171 guidelines. Meeting these rules is not a one-time fix, but rather something that must be maintained with continuous monitoring and improvement. Above all, security must take a proactive stance, in which contractors have the necessary systems and ...
DFARS 252.204-7012 Security Requirement 3.12.4 requires contractors of the Department of Defense to create and regularly update a system security plan. This plan should describe the boundaries of your systems and the relationships between these systems.
Keeping up with the demands of compliance is a constant challenge, especially for companies operating in a highly regulated sector like the Defense Industrial Base. DFARS 252.204-7012 compliance, which is based on the NIST 800-171 framework, comes with many responsibilities and obligations. To maintain your existing contracts, as well as win requests for proposals for lucrative new projects, it ...
Every business faces a unique set of risks across a number of key domains. If your company stores, processes, or transmits controlled unclassified information (CUI) in the capacity of a defense contractor, then you will need to ensure all these risk areas are accounted for. This is essential for upholding your DFARS 252.204-7012 obligations and winning new contracts from the DoD.