DFARS Compliance

All DoD contractors and their subcontractors are required to comply with the new DFARS cybersecurity regulations by 12/31/2017, including a NIST 800-171 compliance audit.

Don’t jeopardize your DoD business by failing to implement the required security controls! Use our web-based calculator to determine if your company is required to comply with DFARS Section 252.204-7012.

Take our DFARS Compliance Check

DFARS Readiness Assessment

Does your company need to be DFARS compliant, but you don’t know where to start? Before you or a third party begins a full DFARS compliance assessment, consider a Aerstone DFARS readiness assessment — a two to three week working session with our team to help you prepare for a full DFARS evaluation.

Want to learn more? Check out this DFARS Readiness Assessment video, and then contact us for more information.

Schedule Your Readiness Assessment

DFARS Webinar

Aerstone hosts a monthly free webinar series. Our June 2017 webinar will walk you through the steps to achieving full DFARS compliance. All DoD contractors and their subcontractors are required to comply with the new DFARS cybersecurity regulations by 12/31/2017, including a NIST 800-171 compliance audit.

Watch this recording of our free DFARS webinar, and schedule your assessment today!

Questions? Ask our experts!

DFARS Statute

The Defense Federal Acquisition Regulation Supplement (DFARS) contains a new clause, “Safeguarding Covered Defense Information and Cyber Incident Reporting” (Section 252.204-7012), which requires all DoD prime contractors and subcontractors to implement “adequate security” based on a set of security controls referenced in NIST SP 800-171, and to conduct cyber incident analysis and reporting. The wording of the clause is sufficiently broad as to require compliance by virtually any company doing business with the DoD, across any industry (whether technical or non-technical) no later than 31 December 2017.

Addressing Requirements

In order to achieve the standard of adequate security, contractors are obligated to implement “protective measures that are commensurate with the consequences and probability of loss, misuse, or unauthorized access to, or modification of information.” The seventy-nine (79) security controls identified in NIST SP 800-171 map back to a down-selected set of controls defined in NIST SP 800-53 Rev.4, which is used by the government to ensure security posture of both classified and unclassified systems, as required by the Federal Information Security Modernization Act (FISMA).

Achieving Compliance

Auditors understandably prefer assessment results produced by someone other than the system owners and implementers. Let Aerstone help your organization achieve compliance with this new mandatory regulation prior to the December 2017 deadline.

Compliance Countdown

Day(s)

:

Hour(s)

:

Minute(s)

:

Second(s)

Free Calculator

Aerstone’s free DFARS Calculator can help you assess your DFARS compliance needs.

DFARS Assessments

Download Aerstone's free whitepaper on simple steps to efficiently address DFARS requirements.

DFARS Assessment Whitepaper

DFARS Assessment Brochure

Interested in a DFARS assessment? Contact us today!

Our Experience Sets Us Apart

Aerstone is an NSA-certified vulnerability assessor, and a service-disabled veteran-owned small business.  We
approach each engagement with the highest levels of professionalism, determination, and creativity, honed by years of working with security professionals across the military, intelligence community, civilian government, and commercial sectors.

Contact our sales team at dfars@aerstone.com for more information.

Contact Us