Aerstone Releases DFARS Assessment White Paper

ROCKVILLE, Maryland — April 25, 2016 —Aerstone today released a white paper providing guidance to government contractors on how to comply with the DOD’s new DFARS clause, “Safeguarding Covered Defense Information and Cyber Incident Reporting”. Aerstone notes there are a few relatively simple steps that defense contractors (and their subcontractors) can take to efficiently deal with the requirements levied on them by the new DFARS clause.

The Department of Defense recently added a new clause to the Defense Federal Acquisition Regulation Supplement (DFARS). This clause, “Safeguarding Covered Defense Information and Cyber Incident Reporting” (Section 252.204-7012), requires all DoD prime contractors and subcontractors to implement “adequate security” based on a set of security controls referenced in NIST SP 800-71, and to conduct cyber incident analysis and reporting.

In order to achieve the standard of adequate security, the contractor is obligated to implement “protective measures that are commensurate with the consequences and probability of loss, misuse, or unauthorized access to, or modification of information.” Aerstone’s white paper provides recommendations and information to comply with the new regulation, which is required for virtually any company doing business with the DoD, no later than 31 December 2017.

The white paper also offers readers some lessons learned to achieve DFARS compliance and incident reporting, including (but not limited to):

  • Third-party confirmation is better than doing it yourself
  • Most real problems come from poor configuration management
  • Style is just as important to the auditors as substance

For more details visit


About Aerstone

Quest Consultants LLC DBA Aerstone is a veteran owned small business (VOSB) that provides subject matter expertise and software development services in the field of advanced cybersecurity. Our commercial customers include medium and large organizations in the financial services, legal, utility, and education spaces – as well as a number of non-profit organizations. The company also provides exceptional support and cleared staff to a wide variety of federal organizations in the civilian, military, and intelligence community sectors. Our products and services touch all aspects of cybersecurity, including architecture, systems design, software development, training, assessment, and forensics. For more information, visit


For customer and partnership inquiries, please contact us

For all media inquiries, please contact us via e-mail at