With the escalating cyber threats that affect the U.S. Government, the U.S. Department of Commerce issued a Defense Federal Acquisition Regulation Supplement (DFARS) to safeguard the U.S. Department of Defense’s (DoD) unclassified information. The regulation now requires all aerospace and defense companies to be compliant.
Roadmap to DFARS Compliance
In order to be considered DFARS compliant, organizations need to pass a readiness assessment according to the NIST SP 800-171 guidelines.
On average, it will take an organization about six to ten months to become compliant, depending on the organization’s current security status and the available resources they have at their disposal.
Planning is the key to ensure success in your DFARS compliance expedition. It is essential to treat this as a major project, with the mindset of having the needed resources and funding set ahead of time. Many companies hire specialists and consultants and this can really expedite the process, plus it can help an organization to avoid common errors.
Let’s look at an action plan or roadmap to guarantee your cloud environment is safe and compliant according to the DFARS mandate.
Step 1: Calculate Your Organization’s Applicability
Key Question: How can your organization stay relevant?
Using the controls listed in NIST SP 800-171, document the gaps between your current position and the expected end goal.
To ensure your organization is applicable, check off these essentials for Step 1:
Step 2: Build a Remedial Plan to Safeguard against Non-Compliance
Key Question: What is your current Security Status?
In order to stay NIST SP 800-171 compliant, make sure you can put a check next to these measures:
Step 3: Implement Your Remediation Plan to Ensure Compliance
Key Question: Have you developed a plan of action to track your progress?
Developing a system security plan will give you the peace of mind in knowing that you are going to be compliant. You won’t have to worry about fines and penalties.
Step 4: Continuously Monitor and Follow-Up
Key Question: How do you maintain constant monitoring to ensure compliance?
Establishing a plan to effectively monitor your compliance can be achieved by doing the following:
To Be DFARS Compliant, it is important to remember to set controls in place for current systems and data, while remembering the need to cover new systems and data as they are created. If you fail to keep this in mind, you will assuredly find yourself falling short of compliance.
There is a propensity within organizations to place an emphasis on the controls during the implementation phase, but once the system is up and running, they tend to take their foot off the gas and eyes off the road. Sustaining constant compliance is a never-ending process. You must continuously make sure that new data and systems are effectively classified and that the correct controls are applied. Once DFARS is running and business returns to normal, a high level of attentiveness must be maintained to guarantee the safety and compliance of your organization.