All You Need To Know About The DFARS Interim Rule
Posted: Nov 18, 2021
You've probably heard of the phrase "DFARS," which refers to the federal government's attempts to improve cybersecurity and defence measures. But what exactly is DFARS, and how does it affect GSA contractors? You'll discover that it's a crucial set of rules to follow and comprehend.
DFARS stands for Defense Federal Acquisition Regulation Supplement. The Department of Defense (DoD) oversees it as a complement to the Federal Acquisition Regulation (FAR). The defence supplement was created as part of the government's endeavour to protect national security against cyberattacks.
DFARS compliance is required if you work on any government or defense-related contracts. Under the Department of Defense's latest interim regulation, contractors must now be able to establish that they can satisfy all applicable standards in order to be DFARS compliant.
DFARS Scope -
Defense industries face specific export compliance challenges, but full compliance with all applicable export controls is critical. The National Institute of Standards and Technology (NIST) SP 800-171 classifies DFARS into 14 groups of control measures. Each control fulfils the DFARS basic security requirements:
- Awareness and Training
- Access Control
- Accountability and Audit
- Identification and Authentication
- Configuration Management
- Maintenance
- Incident Response
- Media Protection
- Personnel Security
- Risk Assessment
- Information Integrity System
- Security Assessment System
- Communications Protection System
The DFARS Interim Rule -
The new regulation would compel contractors and subcontractors working for the Department of Defense to submit scored self-assessments against current NIST 800-171 standards. This procedure will also serve as a link to the CMMC compliance deployment.
These are some of the highlights of the DFARS Interim Rule:
- It has been in existence since December 1, 2020
- It applies to contractors who handle CUI
- Must be compliant with NIST 800-171 and include a System Security Plan (SSP)
- All prime contractors, subcontractors, and suppliers that manage CUI
- Random audits are subject to the requirements.
The restrictions outlined in the Interim Rule will affect any work done by military contractors, including prime and subcontractors, that is subject to DFARS 252.204-7012. Defense contractors handling CUI must follow NIST SP 800-171 cybersecurity procedures under the DFARS -7012 clause. Contractors that manage only commercial off-the-shelf (COTS) products are excluded from the Interim Rule's requirements. The Interim Rule adds three new clauses (7019, 7020, and 7021) to NIST SP 800-171's self-assessment requirement in order to reinforce it while also making the transition to CMMC easier.
Get Started Now -
The DFARS Interim Rule raises the stakes for everyone involved in the defence industry. While the Interim Rule is subject to public comment, contractors should not expect the final rule to differ materially from the present form. Minor clarifications are significantly more plausible, given that the regulation has been in the works for years.
As a result, businesses across the DoD supply chain must act now, rather than waiting for the new DFARS criteria to emerge in a contract. Linqsgroup has simplified export control compliance to help defence and defense-related enterprises of all sizes and scopes achieve and maintain compliance.
Author Bio:-
Linqs Group works in Winvale's Public Sector Technology department as an Account Manager, where she oversees partner accounts under the GSA MAS Large Category F contract. Leslie has a lot of knowledge in generating new business, retaining customers, and developing excellent connections with external business partners. For More Details:- https://www.linqsgroup.com/export-control/.
Linqs Group's objective is to provide businesses and organisations with a comprehensive range of Governance, Risk, and Compliance (GRC) consultancy services. Cybersecurity management, global export restrictions, and ISO/AS Quality Management Systems