- DFARS Compliance Safeguarding Covered Defense Information and Cyber Incident Reporting.
3+ years in the making, our DFARS Compliance solution is tailor-made to address the DFARS 252.204-7012 - Safeguarding Covered Defense Information and Cyber Incident Reporting requirements.
Our solution is straightforward and simple to follow. We have worked in and around the defense contracting world for 20 years. In the late 1990s we witnessed the birth of what would become information assurance, which is now more commonly known as cyber security.
If you are wondering if your company must comply, you can ask yourself these quick pre-qualifying questions.
If the answer is yes to the above questions, you must comply and must do so by December 31, 2017. Compliance doesn't have to resemble a multi-headed hydra. We can help get you onto a path to compliance quickly and efficiently.
Our MORTAR program is designed to slice the work into manageable portions and help facilitate a better understanding of what compliance means within your company. There will be little geek speak, and you will find these conversations helpful and informative as the risk owner.
One unique element of our MORTAR program is that we have worked diligently to take all the complexity and tech-talk out, leaving you free to focus on business concepts you are familiar with, such as:
There is a correlation between the security requirements of DFARS and these six standard business states. By grouping the security controls, you will find it much easier to understand why the requirement exists, and what you need to do to align with the requirement.
- Our Strategy
Here are some typical questions, concerns, and responses related to this process.
Business structure is not relevant where DFARS compliance is concerned. If you are provided controlled unclassified information by a Federal agency under contract, you must comply.
Sorry, but no. When it comes to risk management and risk mitigation, the risk owner must ultimately own the residual risk associated with your company. The risk owner is typically one or more of the company's owners.
No company or agency can guarantee compliance. It is much more effective to think about DFARS compliance as an alignment issue rather than a compliance issue.
That's a great start but won't get you to the finish line. Alignment with DFARS includes things that might surprise you, like how you respond to a security breach from a public relations standpoint.