If a majority of your business comes from US Department of Defense contract work, you have certain obligations.

One of those obligations, DFARS, has grown in importance over the years. The Defense Federal Acquisition Regulation Supplement (DFARS) is a set of cybersecurity regulations that the Department of Defense (DoD) now imposes on external contractors and suppliers.

Even if you aren't a 1st Tier provider, if you're in the chain, you need to meet these IT and security-related standards.

One of our clients is a secondary tier provider and falls under the DFARS regulations.

After we found out about DFARS, we let the client know that they needed to start a process to prove compliance before the regulations were in effect. Like many programs, you are given a window of time to come into compliance and after that you may lose contracts or not get paid.

Compliance is a multistep process:
1. Identify compliance requirements and applicable regulations.
2. Determine compliance gaps.
3. Create a plan for gap remediation.
4. Implement the plan.
5. Complete a self-assessment or in some cases perform a formal external compliance check.

After you're in compliance, it doesn't end there. You still need to monitor for compliance and report any security breach.

This isn't a simple one day process or a form to fill out. It requires a rigorous process to insure compliance. Don't wait until it is too late. We can help.

Ferox has been very helpful in guiding us through the DFARS process. Without their help, we couldn't have done it.