As a member of the manufacturing business community with a Department of Defense contract, it is imperative that you be prepared to meet the requirements of the Defense Federal Acquisition Regulation Supplement (DFARS). This is a government regulation that applies to any business with a contract with the Department of Defense (DOD). Dec. 31, 2017, is the government's final deadline for compliance.
DFARS necessitates compliance with the security requirements outlined in the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171, “Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations.”
Where to Begin?
You'll want to revisit your contracts to ensure you fully understand all clauses and requirements specified for security measures. While DFARS 252.204-7012 is required in all contracts with the DOD, there may be additional security requirements you need to meet.
You'll need to conduct a risk assessment as well as a gap assessment of your organization's security. These assessments will provide a baseline of risk so you can make the best decisions for implementing necessary controls to meet the DFARS regulatory guidelines, identify where partial controls are not enough, and see where controls are not being properly utilized.
How Can Dox Help?
In addition to conducting the assessments, Dox has security solutions to assist your business in closing the gaps, securing your network and data, and getting you DFARS/NIST 800-171 compliant.
Dox has mapped the 110 requirements of DFARS to 175 controls we have designed to gauge how well an organization is meeting the requirements. Our experts run scans and tests against the information systems and compare these results to any documented policies and procedures provided by your organization. We then give a pass/fail grade for each individual control and our justification (what we observed) for that grade.
The Final Result
The final product we deliver is a gap analysis table of all 110 DFARS requirements showing whether your company earned a pass/fail rating for each requirement based on the associated controls your organization currently has in place. This becomes a “to-do list” for your business to work toward compliance before the Dec. 31, 2017, deadline.
No need to worry or feel overwhelmed. Dox also provides outstanding professional services to achieve complete compliance before the deadline.
What Happens If You Don't Meet the Deadline?
Businesses that fail to meet the DFARS 800-171 deadline may face stiff penalties, ranging from fines to loss of contracts with the DOD to jail time.
The Clock Is Ticking
December is just around the corner, so if you need help conducting an assessment of your business security or meeting the requirements of DFARS 800-171 before Dec. 31, please fill out the contact form below and we will reach out to you as soon as possible.