The Defense Federal Acquisition Regulations Supplement (DFARS) is the Department of Defense’s (DoD) supplement to the Federal Acquisition Regulations (FAR). The DFARS primarily focuses on DoD-wide policy, laws, deviations from FAR requirements, and DoD-specific delegations of FAR requirements. It is overseen by the Defense Acquisition Regulations System (DARS) Office, whose primary mission is to develop and manage the guidelines and rules for acquisition with regard to services for the DoD.
The mandate for the NIST Special Publication 800-171 requirement is published in DFARS 252.204-7012, which specifically addresses “safeguarding covered defense information and cyber incident reporting”, as revised on October 21, 2016. This mandate requires Government contractors and subcontractors to establish and maintain safeguards (network security) that protect information that resides in or is transmitted through contractor systems.
Driven by Executive Order 13556 (November 4, 2010), which established a CUI Program, the NIST Special Publication 800-171 (Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations) provides principal guidelines for a government-wide requirement for CUI. The publication provides key requirement guidelines for 14 key information security areas:
Any contractor doing business with the Federal government that handles this type of information is required to demonstrate the security controls and be compliant with the requirements of this publication by December 31, 2017. A complete list of CUI categories can be found at the National Archives website: https://www.archives.gov/cui/registry/category-list
ITG is knowledgeable and experienced in Information Security and Information Assurance practices, including industry quality standards such as the International Organization for Standardization’s (ISO) – ISO/IEC 27001:2013 – Information Security Management Systems. Our team is well versed in the requirements of the NIST 800-171 publication, as well as the requirements and application of information systems and security control practices. As practitioners and expert consultants, our team brings a unique combination of technical understanding, implementation and application practice, and operational management that provides our partners with exceptional support for their mission and Federal customer mandates.