5/16/2019

What DFARS Compliance Entails

All entities that conduct business with the Department of Defense are expected to be DFARS compliant. This expectation is enforced: those who fail to comply will lose their contracts or have none of their contracts renewed. If you are not certain whether the compliance requirements affect you, or whether you need to be compliant at all, find out where your company stands. You can check on this site. It also helps to understand a bit more about what this compliance involves.

DFARS stands for Defense Federal Acquisition Regulation Supplement. It is what the DoD uses to ensure the integrity of its systems when dealing with the companies and agencies it purchases or leases goods from. DFARS compliance ensures that you have security measures in place to protect any controlled unclassified information (CUI) you handle, or that the DoD handles as it transacts with you.

CUI refers to sensitive federal government information that is processed, stored, or transmitted by a company as it delivers products or services to federal agencies. CUI covers a broad range of information: credit card data, financial data, web and email services, data from background checks for security clearances, healthcare data, cloud services data, and much more. It may even include data used to develop communications, satellite, and weapons systems. Therefore, every business entity and corporation that comes into contact with such data in the course of working with the DoD is expected to have the necessary data protection standards in place. Those standards are found in the National Institute of Standards and Technology Special Publication 800-171 (NIST SP 800-171), which specifically addresses the handling of CUI. This publication sets out the practices that keep that information safe.

You therefore have to show that you have set up your IT systems in a manner that keeps that security intact. That is how DFARS compliance is achieved. Because the rules are framed as compliance requirements, you are free to choose the methods that work for you, as long as the integrity of that information is never compromised. You will, therefore, have to find the best ways to limit information system access to authorized personnel, devices, processes, transactions, and functions. You also need to protect backup copies of CUI at their storage locations. At the same time, you need to ensure that identifiers are not reused. Some of these requirements you will already meet on account of how your organization and systems are set up, but you have to go beyond that and ensure you meet all of them. Find out more about compliance here: https://en.wikipedia.org/wiki/Federal_Acquisition_Regulation.