For Defense Contractors of all sizes, whether a Prime Contractor or Subcontractor, compliance with DFARS clause 252.204-7012, Safeguarding Covered Defense Information and Cyber Incident Reporting, was required no later than December 31, 2017.
The DFARS clause requires defense contractors to ensure that any Controlled Unclassified Information (CUI) they handle is protected in accordance with the National Institute of Standards and Technology (NIST) Special Publication 800-171 Revision 1, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations.
All Defense Contractors must conduct an internal or external assessment of their compliance with the 110 security requirements in NIST SP 800-171. They must document the results in a system security plan (SSP) that describes how each requirement is met, together with plans of action for any requirement not yet implemented and how it will be met.
Compliance with DFARS can seem like an overwhelming challenge, especially for smaller defense contractors. As a certified defense contractor with 19 years of experience, MainNerve understands what it takes to be compliant with DFARS.
Risk Assessment Checklist
For its clients, MainNerve provides a DFARS-related security assessment checklist that covers all 110 NIST SP 800-171 requirements and gives the defense contractor what it needs to write its own system security plan meeting the DFARS clause 252.204-7012 and NIST SP 800-171 Revision 1 requirements for protecting CUI.
Vulnerability scanning is required under NIST SP 800-171 (requirement 3.11.2), which calls for scanning organizational systems and applications periodically and whenever new vulnerabilities affecting them are identified, with findings remediated in accordance with risk assessments (3.11.3). Neither the DFARS clause nor NIST fixes an interval; quarterly scanning is a common and defensible cadence to document in the system security plan. MainNerve has extensive experience providing its customers affordable vulnerability scanning services using the industry's leading tools.
Penetration testing is not specifically mandated by the DFARS clause, but it is a recommended practice: annual penetration tests alongside quarterly scans both strengthen your security posture and demonstrate due diligence in the event of a breach or audit.