DFARS - NIST
If your company provides products or services for the Department of Defense (DoD), you will need to meet new cybersecurity standards and certification set by the Defense Federal Acquisition Regulation Supplement (DFARS).
DFARS provides a set of security controls to safeguard information systems where contractor data resides. Currently, the cybersecurity requirements are based on National Institute of Standards and Technology (NIST) Special Publication 800-171, “Protecting Controlled Unclassified Information in Non-Federal Information Systems and Organizations,” and organizations need to implement the security controls through all levels of their supply chain.
Transitioning From DFARS
The Office of the Under Secretary of Defense for Acquisition & Sustainment (OUSD(A&S)) and the DoD are now transitioning to the new Cybersecurity Maturity Model Certification (CMMC) framework, which combines standards from NIST, ISO and AIA, and will require a third-party audit and certification by a CMMC Third Party Assessment Organization (C3PAO).
On September 29, 2020, the Defense Acquisitions Regulation System released a new DFARS Interim Rule to supplement the current DFARS regulation 7012 as a procedure that helps bridge the gap between NIST 800-171 and CMMC while CMMC is still being enacted.
DFARS Interim Rule
Gearing Up for CMMC
What the DFARS Interim Rule Means for Government Contractors
While the CMMC is being rolled out over the next few years, the DFARS Interim Rule went into effect November 30th, 2020.
Do you know how to navigate the new NIST and CMMC cybersecurity requirements?