Pentagon To See DoD Contractor Cyber Security as a Competitive Advantage

August 20, 2018 by SysArc

The Washington Post has reported that The Pentagon has developed a new strategy to protect its supply chain from cyber crime and foreign interference. As well as basing how it awards its weapons contracts on the price and performance that each contractor can offer, The Pentagon will now also consider security as an important factor when deciding which contractors to work with. This move marks an important shift in how the Pentagon regards security.

The new strategy is designed to reward DoD contractors who take their security responsibilities seriously. According to Kari Bingen, the deputy undersecretary for intelligence at the Pentagon, “Security should be seen not as a ‘cost burden,’ but as a major factor in their competitiveness for U.S. government business.”

Last year, the Department of Defense implemented a set of cybersecurity regulations that all DoD contractors must follow. These regulations are known collectively as DFARS (the Defense Federal Acquisition Regulation Supplement) and are designed to protect DoD data from cyber theft. To comply with DFARS, DoD contractors must provide adequate security to protect covered defense information that is stored on or transmitted through their systems. Contractors must also report cyber incidents within a specified time period and cooperate with the DoD to investigate and respond to those incidents.

The Pentagon’s new policy will encourage all contractors to take action to ensure their businesses comply with DFARS. If they want to continue to work with the DoD, contractors will need to pay ongoing attention to their security systems and procedures to ensure they meet the required standards.

In summary, the DFARS mandate was just the beginning when it comes to improving the security of DoD contractors. By recognizing that compliant businesses offer a competitive advantage over those that do not comply, the Pentagon now has the power to push contractors toward compliance with the regulations. In simple terms, businesses that can demonstrate compliance will win, while those that can’t will lose.

A recent report from the Pentagon suggested that businesses in the DoD supply chain should receive incentives, such as tax breaks, to encourage them to improve their security practices. The report also suggested laws to grant businesses immunity from being sued if they share information about holes in their security systems that could help to protect other companies.

If your business has any connections with the defense industry, you need to take action now to become DFARS compliant. In addition to putting in place security policies and procedures that keep all data stored on your systems safe, you also need to be able to show the DoD what measures you are taking to comply with DFARS and protect sensitive defense information.

If you can demonstrate compliance, you will gain a competitive advantage over your competitors in this security-conscious era. Your business will be more likely to secure and keep contracts with the DoD, compared to businesses that overlook the importance of a robust cybersecurity strategy.

For help with becoming DFARS compliant, you can get in touch with SysArc today. We can address your cyber security concerns and help you offer your clients the very best security for their data. If you want to win and keep contracts with the DoD, contact SysArc today to get started on improving your business’s security.

Filed Under: Cyber Security

Cyber Security Law for DoD Contractors

July 31, 2018 by SysArc

The government mandate of DFARS comes with the power to legally enforce these regulations. The penalties for non-compliance can be costly to the Department of Defense (DoD) contractor. A few of the consequences include adverse actions related to the False Claims Act, poor performance reviews, termination, and debarment. You may also be subject to lawsuits related to these data breaches [1].

DoD contractors frequently seek out a managed cyber security company to help them bring their systems and procedures into compliance. You should also consider bringing in a legal team to help you navigate the legal side of DFARS compliance.

Why Use a Cybersecurity Legal Team for DFARS Compliance

The DFARS legal document is 350 pages. As a DoD contractor, you may not have the time or expertise to go through the entire thing and fully understand it. A specialized legal team has learned these requirements inside and out, from the explicitly stated standards to those that may be more ambiguous.

Your primary role as a DoD contractor does not involve legal matters, so you may not have the in-house staff necessary to field this task. Outsourcing this part of the compliance process to a team of dedicated experts makes perfect sense. You can continue making great products while maintaining and growing your government contracts.

What Do Cybersecurity Attorneys Do

A cybersecurity law firm does more than go over the legal documentation of DFARS for you. Here are a few of the important tasks that they can handle for DoD contractors:

  • Draft policies and procedures: Your existing cybersecurity policies and procedures may fall short of what’s required under DFARS and other government regulations. The attorneys’ documentation skills can improve the current policies and ensure that they can accommodate future changes when new security requirements are put in place.
  • Prove compliance: Once you bring your systems into compliance with DFARS, you need to prove it. This process involves specialized legal materials that are best left to an experienced team. Cybersecurity attorneys can prepare this documentation and present it to the DoD.
  • Defend against lawsuits: Data breaches may lead to lawsuits due to the information that was lost or other related issues. You can have your cybersecurity attorneys handle this, rather than allowing the legal matters to eat up your time and attention.
  • Cooperate with DoD investigations: The legal firm will work with the DoD during investigations following a breach or a related incident. If you had to put employees inexperienced with legal matters on this task, you could end up with some significant compliance issues.
  • Advise on state data breach laws: DFARS isn’t the only regulation you need to worry about as a DoD contractor. You also need to comply with state data breach laws and may face additional penalties if you fail to take them into account. The legal firm’s job revolves around keeping up with the latest updates and changes to cybersecurity law. You don’t have to pull your resources away from DoD contracts to try and determine whether you need to make adjustments.
  • Negotiate with vendors: How many vendors do you work with as a DoD contractor? When you have a lot of companies that you do business with, it’s difficult to sift through the contracts and discover opportunities to get a better deal. Cybersecurity attorneys, on the other hand, are more than happy to help negotiate these arrangements so you get the best terms possible. They can also eliminate redundant contracts that are costing you money.
  • Handle false claims allegations: False claims allegations are a serious issue in government contracting. A cybersecurity law firm familiar with DFARS and other government regulations can defend you against such claims. They also improve your documentation quality to decrease the chance that you run into a false claims situation.

How Cybersecurity Attorneys Help DoD Contractors Implement Changes

You can put many technical solutions in place for better cybersecurity, but people are always the weakness in the system. Phishing attacks and other forms of social engineering are still effective at giving attackers access to sensitive systems. Cybersecurity attorneys can incorporate data security and privacy policies into your standard employee handbooks and standard operating procedures to improve cybersecurity awareness at your organization.

One way that the attorneys encourage the adoption of these policies is by using role-appropriate education. People outside of the IT department don’t need a lot of details into how phishing works. They need to know about the obvious and subtle signs that could indicate an attack, what they need to do if they suspect phishing, and who they should contact in this situation. When the policies are clear and easy to understand, it’s a lot more likely that employees will follow the new procedures.

A law firm experienced in DFARS compliance is an invaluable asset for DoD contractors. Even if you’re currently compliant, you never know when the regulation or state-level laws may change the security standards. When cybersecurity attorneys are handling the legal aspects of DFARS compliance, the rest of your staff can work on current DoD contracts and winning bids for new ones.

Sources:

[1] https://www.cov.com/-/media/files/corporate/publications/2018/01/dfars_cyber_rule_considerations_for_contractors_in_2018.pdf

Filed Under: Cyber Security

The Differences Between NIST 800-171 (DFARS) and NIST 800-53 (FISMA)

July 30, 2018 by SysArc

Government contractors deal with many compliance concerns during their work with Federal Government customers. Regulations such as NIST 800-171, called the Defense Federal Acquisition Regulation Supplement (DFARS), and NIST 800-53, part of the Federal Information Security Management Act (FISMA), may be part of the technology standards that a government contractor must follow during their work. To ensure full compliance with DFARS and FISMA requirements, contractors should understand what each regulation covers, the systems that they apply to, and whether overlap occurs between them.

Who Are the Regulations Meant For?

FISMA covers Federal institutions and the information systems that they use. It’s a comprehensive set of guidelines that government institutions must follow when they secure their infrastructure. In some cases, FISMA applies to government contractors if they operate federal systems, such as providing a cloud-based platform. DFARS solely refers to the internal systems of Department of Defense contractors.

How Are the Requirements Different?

FISMA is a massive 462-page document that covers the framework that government institutions use for appropriate levels of security and privacy in their systems. The primary focus of FISMA is assisting government organizations when they’re putting together IT security protocols and strategies. There are 212 controls total in this document, although organizations don’t have to implement all of them to be in compliance.

DFARS is much smaller, with only 125 pages of guidelines. It covers the proper protection of Controlled Unclassified Information (CUI) when a non-federal organization is using that data on their internal systems. Only 109 controls are listed in this document, and all of them are required for compliance.

Where Do DFARS and FISMA Overlap?

Some of the controls of DFARS and FISMA overlap, so government contractors that have to adhere to both regulations may have some areas already covered. These controls fall under the cybersecurity best practices that contractors should already be paying attention to in order to protect against data breaches.

  • Access control: Ensure that users only have the permissions they need to do their work.
  • Configuration management: Confirm that the configuration is set up to maximize security for CUI.
  • Ongoing maintenance: Proactively addressing potential vulnerabilities limits the opportunities for attackers.
  • Accountability: Gain access to a paper trail in the event of an audit or another type of review.
  • Information integrity: Maintain the integrity of the CUI and other important information on these systems.

Why Were Both Regulations Enacted?

DFARS and FISMA were enacted to provide federal institutions and government contractors with the guidelines they needed to adopt a risk-based cybersecurity approach. With cyber attacks frequently happening across all public and private sectors, it was important to create a standard for government agencies and contractors to follow so an appropriate level of security was in place.

Without this type of regulation, government contractors and institutions would have a greater risk of data breaches and other IT security problems. The controls outlined in these documents act as a set of best practices for organizations to follow.

Keeping government systems and CUI secure is an essential task, but contractors should pay close attention to which framework actually applies to the project. In some cases, government agencies will default to requiring contractors to comply with the much broader FISMA, even if DFARS is more suitable for the type of work that they’re doing.

If you are a DoD contractor and need assistance with DFARS or FISMA compliance, contact us about our consulting services:

  • DFARS compliance consulting
  • FISMA compliance consulting

Filed Under: Cyber Security

U.S. DoD Contractors Respond to Hacks Like Russian ‘Fancy Bear’

June 30, 2018 by SysArc

In February 2018, it was revealed that Russian hackers had exploited a loophole in the security systems of U.S. defense contractors in an attempt to steal some of the country’s biggest secrets. According to an Associated Press investigation, the Russians attempted to steal advanced defense technology by exploiting weaknesses in email security.

The Fancy Bear Attack

It is not clear what the hacking group, known as Fancy Bear, managed to steal. However, the threat is enough to make U.S. defense contractors worried. The hackers, who are also accused of interfering in the election in 2016, targeted at least 87 people working on some of the most sensitive defense technologies: military drones, rockets, stealth fighter jets, missiles, and cloud-computing platforms used by the military.

Fancy Bear used a phishing technique to gain access to data, according to an investigation into the hacking incident. They sent emails primarily to people’s personal Gmail accounts, as well as to a few corporate accounts, that contained phishing links. Worryingly, 40 percent of the people targeted clicked on these links, allowing hackers to take the first step toward being able to hack their targets’ accounts and computers.

In May 2015, Fancy Bear targeted the Gmail account of a senior engineer who was working on the X-37B project at Boeing. Just two weeks earlier, the Russian Deputy Prime Minister had expressed concern that this unmanned space plane was allowing the United States to push ahead in the realm of space flight. Clearly, the Russians had decided to use cyber warfare to prevent the U.S. from gaining a technological edge.

Boeing’s X-37B technology was not the only U.S. project targeted by the hackers; Fancy Bear also went after people who were working on cloud-based services, trying to get hold of classified data from contractors that work for the FBI and other U.S. intelligence agencies.

Fighting Back Against Foreign Government Attacks

In this age of cyber warfare, the United States government is keen to protect data from attacks by foreign powers. However, the way that data is often distributed among various defense departments and third-party contractors makes this difficult.

The response of the Department of Defense to the threat is DFARS (the Defense Federal Acquisition Regulation Supplement; see https://www.nist.gov/mep/cybersecurity-resources-manufacturers/dfars800-171-compliance). This government mandate extends the Federal Acquisition Regulation (FAR) to increase the scope of the regulations that U.S. defense contractors must follow to ensure that all the sensitive data they handle is kept safe.

What is DFARS?

In simple terms, DFARS is a set of new regulations that applies to all contractors that supply goods and services to the Department of Defense (DoD). It requires contractors to protect DoD information through a range of guidelines outlined in a NIST document, NIST SP 800-171.

Contractors must also report cyber incidents to the DoD within 72 hours. This reporting requirement ensures that the DoD is able to track the threats that are currently facing U.S. companies. However, it poses a headache for DoD contractors who do not yet have adequate systems set up to monitor activity on their networks.

Contractors who fail to comply with DFARS risk losing their DoD contracts. They may also face fines if they put U.S. DoD information at risk. In the light of escalating tensions between the United States and Russia, the Department of Defense is keen to crack down on all weaknesses that could expose sensitive data to potentially hostile foreign powers.

How DoD Contractors Are Complying With DFARS

DFARS compliance is a big challenge for many businesses, particularly small contractors who do not have large IT departments or significant resources to spend on improving security. For these companies, the best option is usually to work with a U.S. IT company to ensure compliance. By outsourcing compliance in this way, DoD contractors can remain free to focus on their core business operations. Working with an IT company is also, in many cases, much more cost-effective than hiring professionals and purchasing tools to manage their own security systems in house. For more information on how DoD contractors can comply with DFARS, please see our DFARS guide.

How IT Companies Help DoD Contractors Comply With DFARS

IT companies that specialize in managed cyber security, more specifically DFARS consulting, are prepared to help DoD contractors to comply with DFARS. The first step an IT company takes is to assess the contractor’s current IT systems to identify any gaps in security.

Once potential weaknesses have been identified, the IT company can take action to secure the network and reduce the risk of a successful hacking attack. As part of ensuring compliance, the IT company will also set up systems that can detect and report cyber threats, allowing the DoD contractor to meet the requirement to report all incidents within 72 hours.

Unlike many contractors, IT companies employ professionals who are leading experts in the field of cyber security. These professionals have the skills and experience necessary to protect against all kinds of cyber threats. They keep up to date with the latest techniques that Russian hackers and other groups of cyber criminals are using to try to steal data from U.S. defense contractors. This expertise allows them to take action to reduce the risk of a successful attack.

Filed Under: Cyber Security

China Hacks Navy Contractor Exemplifying the Need for DFARS Compliance

June 22, 2018 by SysArc

In January and February, hackers from the Chinese government breached a Navy contractor. The data that they stole covered undersea warfare. One of the most troubling pieces of information taken in the breach was supersonic anti-ship missile plans. More than 600 GB total of sensitive and secret data was compromised in this attack.

The Navy contractor failed to follow DFARS regulations for the storage and protection of the data it was working with. Similar attacks conducted by Chinese hackers also focus on contractors supporting US military branches, rather than attacking federal government agencies directly.

How DFARS Compliance Could Have Prevented This Breach

The information taken in this recent attack was stored on an unclassified network. DFARS requires that government contractors have security controls in place on this type of network, which may have thwarted the hackers’ efforts in this situation.

Many DFARS requirements fall under cybersecurity best practices that a contractor should be following anyway. DFARS covers these areas:

  • Access control for the authorized users of the system
  • Training employees and making them aware of cybersecurity measures
  • Auditing the security of the system and key areas
  • Putting together incident management plans
  • Putting accountability in place
  • Configuring the network to keep data safe
  • Identifying and authenticating users
  • Maintaining the systems
  • Protecting media
  • Establishing personnel security
  • Implementing physical protection

The Liability of Non-compliance

Failing to comply with DFARS leads to one or more consequences for the government contractor. At the basic level, the business is failing to adhere to the contract between it and the government agency. The security requirements are laid out in DFARS, so there is no lack of clarity in what they need to do.

Other consequences of not complying with DFARS include:

  • Liquidated damages: If a contractor loses sensitive information, that can lead to substantial problems for the government agency. It may choose to penalize a company up to $5,000 per affected person, which can add up quickly in a data breach.
  • Terminating the contract: The government agency may choose to dissolve the agreement with the contractor. This situation could lead to financial ruin for the company, as it loses a steady contract and has its reputation sullied in the eyes of other clients.

DFARS Compliance Resources

Becoming compliant with DFARS requirements may involve more than the in-house IT staff. The regulations cover everything from how users access the system to the procedures around physical access to the servers. The cybersecurity requirements can get even more complicated if a contractor uses a hybrid infrastructure with public and private clouds alongside on-premises systems.

A DFARS compliance consultant has an extensive amount of experience with these regulations. They have worked with multiple contractors to ensure that every business is compliant with the cybersecurity requirements.

This skilled assistance is particularly helpful when a government contractor is first going through the compliance process or following a non-compliance problem. Their entire job revolves around making sure that contractors are following the rules, as well as staying on top of any changes to them. They are an invaluable asset to keep on hand.

DFARS compliance could have led to a much different outcome in the cyber attack mentioned at the beginning of this article. Cybersecurity best practices make it more difficult for hackers to find vulnerable attack surfaces or gain access through social engineering. Government contractors should check their compliance and bring in additional help as needed to remain up-to-date on the latest regulations.

Filed Under: Cyber Security

NIST Releases Update on DFARS: SP 800-171 Rev.1

June 13, 2018 by SysArc

Download NIST SP 800-171 Revision 1

The National Institute of Standards and Technology (NIST) published an update to the DFARS-referenced SP 800-171 documentation on June 7, 2018, called SP 800-171 Rev. 1.

According to NIST, “The errata update includes minor editorial changes to selected CUI security requirements, some additional references and definitions, and a new appendix that contains an expanded discussion about each CUI requirement.” These changes are outlined in the “Errata” section on pages 9 through 15.

Download Revision 1 of SP 800-171

Filed Under: Cyber Security

DFARS Compliance in an Infographic

June 1, 2018 by SysArc

Filed Under: Cyber Security

GDPR Consultants: What You Need to Know

May 10, 2018 by SysArc

If you need to make your company’s processes and data security GDPR compliant, consulting a Managed Security Service Provider (MSSP) can help your company navigate the complicated road towards compliance. This article will focus specifically on GDPR compliance and what you can expect from a GDPR consultant. However, the processes MSSPs use to help their clients become GDPR compliant apply to other compliance mandates as well.

First, a little bit about GDPR

General Data Protection Regulation (GDPR) is a collection of data protection laws that expand the scope of the 1995 Data Protection Directive. GDPR focuses on preserving the digital rights of people living in the European Union.

Some of the key regulations in GDPR include requirements to:

  • Notify customers of data breaches within 72 hours of discovering attacks.
  • Write user consent agreements in language that the average person can understand.
  • Give individuals access to information about how their data is being used.
  • Let individuals choose to have their information deleted, also known as the “right to be forgotten.”
  • Allow compliance officers to complete periodic data audits.

When GDPR goes into effect on May 25, 2018, companies around the world will need to change their approaches to protecting the privacy of personal data. GDPR doesn’t just apply to organizations operating within the EU. Any organization that provides services to individuals or companies within the EU will need to follow the updated regulations.

The expanded requirements of GDPR will put a significant burden on many companies and organizations. Failing to meet the requirements, however, can lead to penalties that include fines up to €20 million (USD 24.75 million) or 4 percent of a company’s annual global turnover, whichever is greater.

The possibility of losing so much money in fines should encourage more companies to hire Managed Security Service Provider (MSSP) consultants that can oversee processes and make sure they align with the new regulations. At SysArc, we make sure our clients have the information that they need to follow GDPR so they can serve their customers well and avoid penalties.

GDPR Consultants Use Gap Analyses to Discover Inadequate Processes

SysArc’s consultants start by performing a gap analysis designed to discover inadequate processes that may not meet the EU’s updated regulations. Taking a close look at your network and procedures is the first step to ensuring compliance.

The results of our gap analyses may reveal issues with:

  • Excessive legalese that prevents people from understanding user agreements.
  • How companies store data about their customers.
  • Making privacy a central feature of a company’s network.
  • How companies share data with each other.
  • Processes that give individuals easy access to their data.

Without a gap analysis, it’s impossible to know what changes an organization needs to make before it meets the EU’s latest regulations. The professionals at SysArc use their findings to create remediation plans that will correct any problems and keep our clients in line with GDPR.

GDPR Consultants Create Remediation to Ensure GDPR Compliance

SysArc’s remediation plans provide careful documentation of processes that don’t meet today’s standards. Having a well-researched plan also makes it easier for our clients to make necessary changes to their systems.

Once we help clients meet GDPR standards, we provide legal documentation that proves compliance. This documentation provides legal protection from potential fines. Instead of taking risks, companies should make sure they have as much protection as possible. Otherwise, they could find themselves spending millions in court costs and fines.

More Benefits of Outsourcing to a GDPR Compliance Specialist

Some international companies based in the United States don’t know that they have to comply with Europe’s new standards. This misunderstanding puts them at serious financial risk.

Outsourcing to an MSSP that specializes in GDPR compliance offers several benefits. At the very least, SysArc can help our clients save time and money while avoiding the headache of conducting in-depth analyses. Click here to sign up for a free GDPR compliance Assessment by SysArc.

Filed Under: Cyber Security

DFARS Compliance: Outsourcing Compliance Requirements to an MSSP

April 9, 2018 by SysArc

The Defense Federal Acquisition Regulation Supplement (DFARS) is a set of cybersecurity regulations that the Department of Defense (DoD) imposes on external contractors and suppliers. If you feel unsure about how to meet these cybersecurity controls, read on. I’ll explain how a managed security service provider (MSSP) can help you meet the requirements.

What Is DFARS?

Since December 31, 2017, all DoD contractors and suppliers have been required to meet cybersecurity standards in 14 separate areas:

  • Access Control
  • Awareness & Training
  • Audit & Accountability
  • Configuration Management
  • Identification & Authentication
  • Incident Response
  • Maintenance
  • Media Protection
  • Personnel Security
  • Physical Protection
  • Risk Assessment
  • Security Assessment
  • System & Communications Protection
  • System & Information Integrity

Each area has specific security requirements that contractors and suppliers are obliged to meet. Even small manufacturers are required to provide adequate security to safeguard sensitive information, as well as rapidly report cyber incidents to DoD.

Outsourcing DFARS Requirements to an MSSP

For many small businesses, the most effective way to meet the requirements of DFARS is to outsource the task to a managed security service provider. Remember that you remain ultimately responsible for ensuring that your company meets the DFARS requirements, so it is essential to choose a service provider you are sure you can trust.

How MSSPs Can Help With DFARS Compliance

By outsourcing the DFARS compliance work to a qualified provider, you should save a lot of time and money getting and staying compliant. An outsourced provider will have all of the required document templates for the Gap Analysis and the System Security Plan, as well as the advanced tools required to monitor and respond to security incidents. They will also have the resources required to perform the remediation steps needed to become compliant.

How to Work With an MSSP for DFARS Compliance

When you choose to work with SysArc as your MSSP, the first thing we do is to perform a Gap Analysis. The purpose of this step is to see how your current cybersecurity status compares to the requirements you need to meet. We can work out what remediation work needs to be done to bring you up to compliance standards. We will create a remediation plan, detailing how we plan to bring your company up to speed, and implement the work after you have approved the plan.

Ongoing DFARS Compliance Work With an MSSP

Reaching compliance is only the first step in meeting the requirements set out by the DoD in DFARS. Once we have helped you to achieve compliance, SysArc works hard to monitor your security status. We keep track of cyber incidents and report them in line with DFARS regulations.

Don’t make the mistake of thinking that your business will never experience a potential cybersecurity breach. The cybersecurity landscape is constantly changing, with hackers continually coming up with new ways to steal valuable and sensitive information. DoD will not necessarily penalize a business that experiences a potential breach, as long as it meets the reporting requirements. Specifically, you must report all potential breaches to DoD within a maximum of 72 hours of discovering the incident. You can report using DoD’s online tool or let your MSSP handle this important part of complying with DFARS reporting requirements.

Conclusion

If you need help ensuring your business complies with DFARS, outsourcing to an MSSP like SysArc can be a convenient way to meet the requirements. Get in touch with SysArc today to find out more about our service.

Sources

https://www.nist.gov/mep/cybersecurity-resources-manufacturers/dfars800-171-compliance
http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171r1.pdf

Filed Under: Cyber Security

DFARS Compliance: Everything You Need to Know to Comply

March 26, 2018 by SysArc

The Defense Federal Acquisition Regulation Supplement, or DFARS, is a set of security standards created by the Department of Defense to protect information handled by external contractors. These rules apply to all contractors with the DoD who “process, store or transmit” Controlled Unclassified Information (CUI).

Cybersecurity Requirements of DFARS

The two foundational points of DFARS are adequate security of information and rapid reporting of any breach.

Information security standards are broken down into 14 areas of focus:

  • Access Control
  • Awareness & Training
  • Audit & Accountability
  • Configuration Management
  • Identification & Authentication
  • Incident Response
  • Maintenance
  • Media Protection
  • Personnel Security
  • Physical Protection
  • Risk Assessment
  • Security Assessment
  • System & Communications Protection
  • System & Information Integrity

Each of the points above is detailed and explained in an 83-page document entitled NIST Special Publication 800-171. This document, in turn, references two other documents that explain each point in greater detail.

With respect to incident reporting, time is of the essence. Any data breach must be reported to the DoD within 72 hours of its discovery. The fine print of the law specifies exactly what constitutes a reportable incident, including any unauthorized access to information or any loss of control of information. There are detailed transparency guidelines that govern how such a business is required to cooperate with a DoD investigation.

Compliance Procedures

All contractors who have any exposure to CUI must be very familiar with the full detailed set of rules and requirements. Within 30 days of being awarded a contract, the company must produce a written report of any areas in the DFARS standards that they are not fully in compliance with. Through the contracting officer, these companies have the right to propose alternate security measures, as long as these measures are at least as stringent as those required by DFARS.

Guidelines Permit Outsourcing of Cybersecurity

The DoD is well aware that many small manufacturers aren’t equipped to comply with highly detailed cybersecurity requirements in-house. Therefore, it specifically allows these functions to be outsourced. Costs incurred in meeting these requirements may sometimes be recoverable, and details about this possibility are also available from the DoD. Cloud data storage providers must meet a set of standards called the FedRAMP “moderate” security requirements. They must also comply with all incident reporting and other requirements.

If you’d like to learn more about outsourcing your DFARS compliance to a cybersecurity company, get a Free Compliance Assessment.

Sources:

https://www.nist.gov/mep/cybersecurity-resources-manufacturers/dfars800-171-compliance
http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171r1.pdf

Filed Under: Cyber Security
