DoD Gets Serious About DFARS Compliance

By Joakim Thorén, CEO

It's been more than a year since the U.S. Department of Defense (DoD) insisted companies working with the U.S. comply with its data security guidelines. Specifically, suppliers, contractors and any vendor working with the DoD must follow the mandate, known as the Defense Federal Acquisition Regulation Supplement (DFARS).

Now, the DoD is warning suppliers and contractors not in compliance with DFARS that they risk losing their government contracts. While an alarm bell has sounded, it's still not too late to comply.

A key provision of the 14 issues identified by DFARS relates to accurately identifying anyone accessing CUI data (access controls). Contractors, suppliers and others must be able to show they have a security system plan that includes, among other things, information about their access management. To learn more, visit the National Institute of Standards and Technology site and view special publication 800-171 which addresses the protection of CUI.

A key technology that solves the issue of controlling system access so only authorized personnel, devices, transactions and the like have access is virtual smart cards, or VSCs, which allow companies working with the government (and in the private sector as well) to quickly, cost effectively and easily implement strong authentication.

To better understand how Versasec is helping contractors become compliant with DFARS and how we can help your organization become compliant as well, reach out to us here: support and click on the "chat" button.

Tags: nist, dfars, government, cybersecurity, iam, two-factor.