DFARS Compliance Audits are Coming...Are You Prepared?
When the countdown has finalized and its now time to become DFARS compliant, who do you turn to?
You might be asking yourself what is all this I hear about an audit on the DoD supply chain for DFARS Compliance? Well, the Defense Federal Acquisition Regulation Supplement (DFARS) mandate, specifically Clause 252.204-7012, requires all contractors within the Department of Defense’s (DoD) supply chain to comply with NIST SP 800-171. This is nothing brand new, what is brand new, is the Under Secretary of Defense stepping in and forcing accountability. On January 21, 2019, Under Secretary of Defense for Acquisition & Sustainment, Ellen M. Lord, issued a memo to defense acquisition leaders with her intent to audit the DoD supply chain for DFARS compliance. In summary, she has called upon the Defense Contract Management Agency (DCMA) to audit all tier one DoD contractors for compliance and assess their processes for achieving compliance.
You can also read the memorandum for yourself here.
While the DCMA will only be directly assessing tier-one suppliers, this will surely have a ripple effect through the entire supply chain. Regardless of where you sit in the supply chain, DFARS compliance is no longer a matter of winning business. It is now a matter of losing business, and not just for you, but for your supply chain partners as well.
What Are the Key Questions that You Should Be Asking Your IT Team and Leadership?
Has our organization recently completed a security risk assessment?
Do we have a viable and current System Security Plan (SSP) and Plan of Action and Milestones (POA&M)
Are our organization’s security policies and procedures developed, documented and implemented?
Does my organization meet all 110 controls as contained in the NIST Special Publication (SP) 800-171 (r1)
Bottom line, if you are wanting to:
1). Compete in the DoD supply chain market
2). Fulfill the requirements of NIST 800-171
3). Demonstrate accountability for simply checking “YES” on a DFARS Vendor Survey
It’s time to demonstrate accountability and make it official!
How InfusionPoints Can Help Your Organization
Now you’re asking yourself what do I do? Some of our clients have already received a DFARS/NIST SP 800-171 audit. Let us help you get up to speed, tear off the band-aids, and meet the requirements.
InfusionPoints stands ready to assess, align, and deliver the policies, documentation, and technical controls support as well as apply our DFARS Virtual Network and Security Operations Center 360° (VNSOC360°) Monitoring and Operations Services to help bring your company’s controls up-to-standard in order to effectively implement the DFARS cybersecurity requirements and maintain compliance.