Defense Federal Acquisition Regulation Supplement (DFARS/800-171) Compliance

What is DFARS?

The Defense Federal Acquisition Regulation Supplement (DFARS) broadly stipulates that any company working with the Department of Defense, in any capacity, must meet certain data security benchmarks in order to acquire and maintain a contract.

It does not only fall to organizations hosting ‘sensitive information’ to meet this regulation – DFARS pertains to any organization looking to contract with the DoD.

DFARS Compliance: a Comprehensive guide to understanding
your requirements

Worried about DFARS? We’ve compiled everything you need to know!

Who needs to be compliant?

Anyone who is looking to win a contract to work with the DoD or other federal agencies is required to be DFARS compliant. Whether you are a large defense contractor or a smaller organization trying to win your first contract, DFARS compliance is a must.

Even if you do not currently bid on contracts with the DoD, you can take advantage of future opportunities by becoming DFARS compliant and showing your strong security posture.

What are the DFARS compliance requirements?

Adoption of 79 predefined security protocols

Implementation of cyber incident analysis and reporting

Adequate intrusion monitoring and disclosure

Pass a readiness assessment following NIST SP 800-171 guidelines

Coverage of all information, regardless of location, pertaining to Controlled Technical Information, OpSec Information, Export-Controlled Information and anything specifically related to the contract that does not fall into one of these categories.

Achieve DFARS compliance with
our simple 3-step process:

Step 1

Gap Assessment

The first step to becoming DFARS-compliant is to see how your organization is meeting the minimum DFARS requirements. This is referred to as a Gap Assessment, and is designed to determine the “gaps” or holes in your business’s security posture and to show you how to fill them.

Charles IT can help make sure you are compliant so you can take on the contracts that are critical to your business. Whether you are familiar or new to DFARS compliance, a Gap Assessment should be performed so there are no surprises come audit time.

Our Charles IT GAP Assessment may uncover issues relating to:

Step 2

Enlist our DFARS Services

Backup and Disaster Recovery

Backup and Disaster Recovery

Critical to your document management and storage requirements

Dark Web Monitoring

Dark Web Monitoring

For notifications of credentials that have been made publicly available

Endpoint Encryption

Endpoint Encryption

Prevents classified information from being stolen or decrypted

External Vulnerability Scanning

External Vulnerability Scanning

Notifications of any potential threats to your network

Security Awareness Training

Security Awareness Training

Educate employees on best practices for safeguarding classified information

SIEM

SIEM

Fulfills your breach notification requirements
Step 3

DFARS Audit Assistance

Preparing for a DFARS audit is daunting, and navigating exactly what the auditors are looking for can be stressful.

Charles IT can guide you through this complex process. We can get the ball rolling by recommending DFARS auditors and then act on your behalf to produce the evidence needed to prove your security posture and effectiveness of controls.

Do not let this process distract you from what you do best: running your business. Let Charles IT step in and help you on the path to DFARS certification!

What results to expect

Once we start working with clients to achieve DFARS compliance, we’ve seen them enjoy…

Don't just take our word for it


It’s always a great feeling when you know that someone has your back. Thanks for the fast response time and professional service, Matt!
Lloyd B
20 Nov 2020

Charles IT are ALWAYS so responsive and helpful. Truly the best!
Marilena G
19 Nov 2020

Charles IT are always thinking of everything we’re not. They listen to our needs and they don’t just point out problems, they have solutions.
Joshua R
17 Nov 2020