Government Contractors, Suppliers, Manufacturers
Cybersecurity for government contractors and suppliers is not just a requirement – increasingly, it’s a vital competitive differentiator. For small businesses, issues of cybersecurity and compliance can mean the difference between losing your existing contracts and winning new business.
FAR (Federal Acquisition Regulations) requires government contractors to maintain a baseline of cybersecurity protections and will soon require rigorous security controls such as those currently imposed on Department of Defense (DoD) supply chains under DFARS.
Under DFARS (Defense Federal Acquisition Regulation Supplement), companies that process, store, or transmit Covered Defense Information (CDI), the DoD’s version of Controlled Unclassified Information (CUI), must demonstrate compliance with the security controls outlined in NIST SP 800-171 or they risk losing their DoD contracts.
ITAR (International Traffic in Arms Regulations) governs contractors and companies handling export-controlled information. This special category of CUI builds upon the data security requirements in DFARS by requiring that only US persons have access to the controlled data and information systems.
For more information on what to do and how, contact us.