DFARS/NIST

Manufacturing businesses involved with the Defense Industrial Base (DIB) that are contracted with the United States Department of Defense (DoD) are required to meet the parameters outlined in the Defense Federal Acquisition Regulation Supplement (DFARS).

DFARS and Procedures, Guidance, and Information (PGI) are meant to provide uniform acquisition policies and procedures for the DoD, its contractors, and subcontractors. An important portion of the DFARS and PGI requirements addresses the need for contractors and their subs to enhance their cybersecurity practices, policies, and procedures to adapt to the evolving threat environment in order to safeguard valuable government data.

Complete compliance with the security requirements outlined in the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171, “Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations” is detailed in the DFARS and PGI. The protection of Controlled Unclassified Information (CUI) found in nonfederal systems and organizations is of paramount importance to federal agencies and can directly impact the ability of the federal government to successfully conduct its essential missions and functions.

Manufacturers found to be non-compliant with the requirements of DFARS and NIST SP 800-171 are unable to apply for DoD contracts. No new DoD contracts are being awarded to businesses that are not compliant, leading to large financial losses for those companies.