FAR & DFARS Compliance


For more information, please contact:

Chandler Hall
chandler.hall@sentar.com
(256) 836-7853

We have years of experience helping Federal contractors of all sizes and industries achieve compliance with the cybersecurity controls specified in both the Federal Acquisition Regulations (FAR) and the Defense Federal Acquisition Regulations Supplement (DFARS).

Specifically, firms often contract with Sentar to perform a range of cybersecurity assessment services for the FAR Regulations 48 FAR 52.204-21, FAR Title 32 CFR Part 2002, and the DFARS 252.204-7012 (including the previous 7008, 7009, and 7010 supplements).

What are the FAR & DFARS compliance requirements?

The FAR contractual clauses are specified on every Federal contract, and the DFARS clause is specified on almost every DOD contract. These clauses define the compliance requirements, mostly cybersecurity controls, that federal contractors are required to meet in order to be awarded the contract and to keep it. Every contractor that has signed a contract containing these clauses is attesting that its organization fully meets these compliance requirements.

Why should my organization care about these clauses?

The FAR contractual clauses are specified on every Federal contract, and the DFARS clause is specified on almost every DOD contract. These clauses define the compliance requirements, mostly cybersecurity controls, that federal contractors are required to meet in order to be awarded the contract and to keep it. Every contractor that has signed a contract containing these clauses is attesting that its organization fully meets these compliance requirements.

What are the challenges of obtaining compliance for these requirements?

The FAR contractual clauses are specified on every Federal contract, and the DFARS clause is specified on almost every DOD contract. These clauses define the compliance requirements, mostly cybersecurity controls, that federal contractors are required to meet in order to be awarded the contract and to keep it. Every contractor that has signed a contract containing these clauses is attesting that its organization fully meets these compliance requirements.

How can Sentar help?

Our Governance, Regulation, and Compliance experts have helped dozens and dozens of federal contractors meet their compliance requirements. Every Sentar GRC client that has been audited for their compliance has passed without exception. If you want to be certain your organization is compliant, contact us today. In most cases, we can analyze and provide a complete understanding of your compliance maturity posture, as well as support your remediation efforts along the way.

DFARS Assessment Solutions

We offer several assessment solutions, including custom ones, to meet your exact needs. Whether you are starting from scratch, or just need some expert help to complete the effort, we can provide the service you need within your budget constraints.

DFARS 252.204-7012

The Department of Defense has addressed the need for major improvements in cybersecurity throughout its entire Defense Industrial Base contractor supply chain, which of course includes contractors that supply services and products to the DoD. One major regulation in this effort is a set of clauses, DFARS 252.204-7008, DFARS 252.204-7009 and DFARS 252.204-7012, that reference NIST SP 800-171 control standards.

This regulation applies to all Prime Contractors, Subcontractors and Universities performing work for the DoD. Your contract may include audit provisions to ensure compliance.

DFARS & EXOSTAR

EXOSTAR is a secure information sharing and collaboration environment used by several large prime contractors. It could be compared to an approved clearinghouse DropBox-type application for Federal Contractors. Many of the primes using EXOSTAR request that their subcontractors report their DFARS 252.204-7012 compliance status via a standardized form they have collectively agreed upon. DoD Contractors may receive directives from primes to update their EXOSTAR profile to reflect their DFARS CDI/NIST 800-171 Compliance.

FAR Title 32 Part 2002

FAR 32 CFR 2002 is a Federal Acquisition Regulation that will require all Federal Contractors to improve their Safeguarding of Controlled Unclassified Information (CUI). It defines uniform policies and practices across the federal government and throughout all Prime and Sub Contractor companies conducting business with the US Federal Government. Typically, the Title 32 CFR Part 2002 clause is added to non-DoD Federal Contracts.

48 FAR 52.204-21

Finalized and approved in June 2016, the 48 FAR 52.204-21 Federal Acquisition Regulation (FAR) requires all Federal Contractors to improve their Basic Safeguarding of Covered Contractor Information Systems. It requires federal contractors to comply with the below fifteen cybersecurity and physical security controls. These are a very basic subset of the NIST Special Publication 800-171 controls for safeguarding Controlled Unclassified Information (CUI) and/or Covered Defense Information (CDI) that defense contractors must follow.

If you or your company are seeking help understanding the requirements, assessing your compliance and/or meeting compliance, we can help! Please contact us.
