What is DFARS, and How is Compliance Determined?
DFARS stands for the Defense Federal Acquisition Regulation Supplement, which governs the relationship between private-sector contractors and the U.S. Department of Defense (DoD). DFARS 252.204-7012 specifically mandates what steps contractors must take to store, share, and process any DoD controlled unclassified information (CUI) they receive over the course of their engagements.
DFARS outlines specific cyber incident response and reporting requirements that contractors will need to follow when reacting to data breaches and other cyber incidents. It also requires contractors and their subcontractors to use adequate security measures to protect CUI, and specifically requires them to comply with NIST 800-171. DFARS allows contractors to use cloud computing services—including virtual cloud hosting—to store UCI, so long as this data is confined to U.S.-based servers.
How Does DFARS Hosting Work?
Contractors seeking to secure DoD projects will need to prove they have the right information system protections in place to protect DoD UCI. Our ePHI and HIPAA-compliant virtual cloud hosting platform, Abacus Private Cloud, can help. With Private Cloud, your UCI and software will be safeguarded by three layers of physical, server, and data security, along with 256-bit AES encryption, dedicated IP addresses, 2FA, and other industry-leading protections. This allows you to securely work with DoD UCI in compliance with DFARS anywhere from any device.
What Do I Need to Do to Audit and Maintain Compliance with the DFARS?
While all clients must monitor their account activity and data when ensuring compliance, AbacusNext can tailor your account settings to meet DFARS security requirements. We routinely audit our platform using NIST and SSAE- 18 standards, and can provide SOC reports upon request. We additionally monitor our accounts around-the-clock, and can automate important software updates, firmware upgrades, and patches.
Are there AbacusNext Clients Who are Compliant with DFARS?
Absolutely! Contact us today to see how Abacus Private Cloud can help you achieve DFARS compliance, and schedule a complimentary cybersecurity assessment to learn about the state and integrity of your current cybersecurity protections.