DFARS requirements go beyond what is required by the NIST SP 800-171 standard. If you are doing business with the Department of Defense, it is critical to understand which DFARS clauses have been included in your contract and what you must do to comply, so that you are not subject to penalties that can include losing your contract and being blacklisted by the DoD.
Facts About Common DFARS Requirements That Affect You
You have 72 hours to report a cyber incident to the DoD. Failure to report following the proper procedure is a violation of DFARS rules, and you may be subject to penalties and/or the loss of your contract.
Under DFARS rules, many cloud solutions do not meet the requirements and are not allowed.
Upon request by the DoD, the Contractor shall provide DoD with access to additional information or equipment that is necessary to conduct a forensic analysis. This means that, if the DoD requests it, you must be able to give the DoD access to your systems so it can conduct its own investigation of a cyber incident.
Depending upon which DFARS requirements are in your contract, you may be required to make sure all of your subcontractors are also compliant (flow down). Failure to ensure that information is transferred only to a compliant subcontractor can be grounds for penalty or contract loss.
WHEN A FULL-TIME, ON-STAFF COMPLIANCE OFFICER IS NOT A PRACTICAL SOLUTION, ON CALL COMPUTER SOLUTIONS FILLS THE GAP WITH ON-CALL COMPLIANCE EXPERTISE AVAILABLE AS NEEDED.
Keeping up with compliance can be a full-time job. If you are a small to mid-size organization, or have only a portion of your business focused on work with the DoD, it may not be financially feasible to have this expertise on staff.
WCCS empowers small to mid-size companies with fractional and on-demand compliance consulting and expertise.