This is important information for all companies with contracts or sub-contracts with the Federal Government.

What is DFARS

If you are currently working as a defense contractor or subcontractor, then you have probably heard of DFARS.

Basically, the Federal Acquisition Regulation (FAR) is the principal set of rules in the Federal Acquisition Regulations System. The FAR System governs the “acquisition process” that executive agencies of the United States federal government acquire (i.e., purchase or lease) goods and services by contract with appropriated funds.

DFARS stands for Defense Federal Acquisition Regulation Supplement.

In other words, DFAR/ DFARS is a set of rules that the federal government must follow before purchasing goods or services.

What is Cybersecurity?

Cybersecurity a commonly used term that, loosely defined, is the body of technologies, processes and practices designed to protect networks, computers, programs and data from attack, damage or unauthorized access. Elements of cybersecurity can include: audit and accountability; Incident response; access control; identification and authentication; media protection; personnel security; awareness and training; risk assessment; security assessment; physical security; system and information integrity; system and communications Protection; maintenance; and configuration management.

What’s Changing

Basically, the Department of Defense is incorporating the requirements outlined by National Institute of Standards and Technology (NIST) which is part of the US Department of Commerce. DoD is requiring that all defense contractors and subcontractors implement the security controls outlined in NIST SP 800-171 by December 31, 2017.

In addition to working towards becoming 100% compliant, the Department of Defense is also requiring any defense contractor that is not fully compliant to notify the DoD Chief Information Officer (CIO) of all missing NIST SP 800-171 security requirements within 30 days of a contract being awarded or amended. Failure to do so can be deemed a breach of contract!

Hence, it is critical that all companies that have or are considering having contracts with the US Department of Defense, read, understand and implement NIST SP 800-171. Go to for a copy of this document.

Reach out to the SBDC for more information and assistance.