MainNerve Expertise
Learn About DFARS Compliance

For Defense Contractors of all sizes, whether a Prime Contractor or Subcontractor, compliance with DFARS clause 252.204.7012 Safeguarding Covered Defense Information and Cyber Incident Reporting was mandatory by December 31 of 2017.

The DFARS clause specifically states that defense contractors will ensure that any Controlled Unclassified Information (CUI), is appropriately protected as outlined in the National Institute of Standards and Technology (NIST) Special Publication 800-171 Revision 1 Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations.

ww
Ready to start talking with a professional? 
In Simple Terms
What Does This Mean?
If your organization has access to defense information that is considered Controlled Unclassified Information) such as defense contract information, indirect or direct pricing information, not to mention classified data, compliance with DFARS Clause 252.204.7012 and NIST 800-171 Revision 1 is mandatory.
How Do I
Become Compliant?

All Defense Contractors must conduct an internal or external assessment of how they are compliant with the 110 controls that are outlined in NIST SP 800-171. They are required to create a system security plan that outlines how the defense contractor complies with each of the controls or how they plan to meet the control requirements.

Let Us Help
Applicable Services

Compliance with DFARS can seem like an overwhelming challenge, especially for the smaller defense contractors. As a certified defense contractor with 19 years of experience, MainNerve understands the requirements to be compliant with DFARS.

Risk Assessment Checklist

For its clients, MainNerve provides a DFARS related security assessment checklist that covers all 110 controls and providing the defense contractor with the ability to create their own security plan that meets DFARS Clause 252.204.7012 and NIST 800-171 Revision 1 requirements to protect CUI.

Vulnerability Scanning

Vulnerability Scanning is required on a quarterly basis under the DFARS clause. MainNerve has extensive experience providing its customers affordable vulnerability scanning services using the industry’s leading tools.

Penetration Testing

While penetration testing is not specifically mandated under the DFARS clause, it is a recommended practice, and annual penetration tests and quarterly scans are encouraged to demonstrate “best practice” cybersecurity principles in case of a breach or audit as well as heighten your cybersecurity posture.

Resources

Defense Program and Acquisition Policy

National Institute of Standards and Technology Special Publication 800-171 Revision 1