DEFENSE FEDERAL ACQUISITION REGULATION SUPPLEMENT (DFARS) COMPLIANCE

What is DFARS?

With the ever evolving risk of cyber-attacks, The Defense Federal Acquisition Regulation Supplement (DFARS) broadly stipulates that any company working with the Department of Defense, in any capacity, must meet certain data security benchmarks in order to acquire and maintain a contract. This does not only fall to organizations hosting ‘sensitive information’ to meet this regulation, this pertains to any organization looking to contract with the DoD.

DFARS Compliance Requirements


  • Implementation of cyber incident analysis and reporting
  • Adoption of 79 predefined security protocols
  • Coverage of all information, regardless of location, pertaining to Controlled Technical Information, OpSec Information,Export-Controlled Information and anything specifically related to the contract that does not fall into one of these categories
  • Adequate intrusion monitoring and disclosure
  • To achieve DFARS Compliance standards, organizations must pass a readiness assessment following NIST SP 800-171 guidelines, which include:
    • Audit and Accountability
    • Awareness and Training
    • Access Controls
    • Incident Response
    • Identification and Authentication
    • Configuration Management
    • Media Protection
    • Maintenance
    • Personnel Security
    • Physical Protection
    • Security Assessment
    • Risk Assessment
    • System and Information Integrity
    • System and Communications Protection

Check out our DFARS Compliance Checklist for more information!

Who Needs to Be Compliant?


Anyone who is looking to win a contract to work with the DoD or other federal agencies is required to be DFARS compliant. Whether you are a large defense contractor or a smaller organization trying to win your first contract, becoming DFARS compliant is a must. Even if you do not currently bid on contracts with the DoD, you can take advantage of future opportunities by becoming DFARS compliant and showing your strong security posture.

Charles IT Can Help by Utilizing Our Two Step Process!


Step 1: Gap Assessment

The first important step to becoming DFARS compliant is to see where your organization stands in meeting the minimum DFARS requirements. This step is referred to as a Gap Assessment, this assessment is designed to determine the “gaps” or holes in your business’s security posture and show you what you need to do to fill those gaps.

Charles IT wants to help make sure you are compliant so that you can take on the contracts that are critical to your business. Whether you are familiar or new to DFARS compliance, a Gap Assessment should be performed so there are no surprises come audit time. Results of our Charles IT GAP Assessment may uncover issues such as:

  • Control of information systems and how they are accessed
  • Training processes of information system administrators and managers
  • Storage of data records
  • Implementation of security measures and controls
  • Development and implementation of incident response
img-Step2-CMMC-Services

Step 2: DFARS Services

Our Security Services Include:

Need help understanding CMMC? Find out everything that you need to know by reading our FREE eBook.Read it now
+