The Defense Federal Acquisition Regulation Supplement (DFARS) is a set of cybersecurity regulations that the Department of Defense (DoD) imposes on external contractors and suppliers. If you feel unsure about how to meet these cybersecurity controls, read on. I’ll explain how a managed security service provider (MSSP) can help you meet the requirements.
What Is DFARS?
Since December 31, 2017, all DoD contractors and suppliers have been required to meet cybersecurity standards in 14 separate areas:
- Access Control
- Awareness & Training
- Audit & Accountability
- Configuration Management
- Identification & Authentication
- Incident Response
- Maintenance
- Media Protection
- Personnel Security
- Physical Protection
- Risk Assessment
- Security Assessment
- System & Communications Protection
- System & Information Integrity
Each area has specific security requirements that contractors and suppliers are obliged to meet. Even small manufacturers are required to provide adequate security to safeguard sensitive information, as well as to rapidly report cyber incidents to the DoD.
Outsourcing DFARS Requirements to an MSSP
For many small businesses, the most effective way to meet the requirements of DFARS is to outsource the task to a managed security service provider. Remember that you remain ultimately responsible for ensuring that your company meets the DFARS requirements, so it is essential to choose a service provider you are sure you can trust.
How MSSPs Can Help With DFARS Compliance
By outsourcing the DFARS compliance work to a qualified provider, you should save a lot of time and money getting and staying compliant. An outsourced provider will have all of the required document templates for the Gap Analysis and the System Security Plan, as well as the advanced tools required to monitor and respond to security incidents. They will also have the resources needed to perform the remediation steps required to become compliant.
How to Work With an MSSP for DFARS Compliance
When you choose to work with SysArc as your MSSP, the first thing we do is to perform a Gap Analysis. The purpose of this step is to see how your current cybersecurity status compares to the requirements you need to meet. We can work out what remediation work needs to be done to bring you up to compliance standards. We will create a remediation plan, detailing how we plan to bring your company up to speed, and implement the work after you have approved the plan.
Ongoing DFARS Compliance Work With an MSSP
Reaching compliance is only the first step in meeting the requirements set out by the DoD in DFARS. Once we have helped you to achieve compliance, SysArc works hard to monitor your security status. We keep track of cyber incidents and report them in line with DFARS regulations.
Don’t make the mistake of thinking that your business will never experience a potential cybersecurity breach. The cybersecurity landscape is constantly changing, with hackers continually coming up with new ways to steal valuable and sensitive information. The DoD will not necessarily penalize businesses that experience potential breaches, as long as you meet the reporting requirements. Specifically, you must report all potential breaches to the DoD within a maximum of 72 hours of discovering the incident. You can report the incident yourself using DoD’s online tool, or let your MSSP handle this important part of ensuring your business complies with DFARS reporting requirements.
Conclusion
If you need help ensuring your business complies with DFARS, outsourcing to an MSSP like SysArc can be a convenient way to meet the requirements. Get in touch with SysArc today to find out more about our service.