DFARS Cybersecurity Requirements

252.204-7012   |   Safeguarding Covered Defense Information And Cyber Incident Reporting (Oct 2016)

All Department of Defense (DoD) contractors that process, store or transmit Controlled Unclassified Information (CUI) must meet the Defense Federal Acquisition Regulation Supplement (DFARS) minimum security standards by December 31, 2017 or risk losing their DoD contracts.

This DFARS subpart applies to contracts and subcontracts requiring contractors and subcontractors to safeguard covered defense information that resides in or transits through covered contractor information systems by applying specified network security requirements. It also requires reporting of cyber incidents.

The covered contractor information system shall be subject to the security requirements in National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171 Rev 2, “Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations”.

What do Small Manufacturers Need to Know?

NIST MEP has developed a set of Frequently Asked Questions (FAQs) for small manufacturers to better understand the DoD Cybersecurity Requirements. 

Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations

NIST SP 800-171 Rev 2: “Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations” provides requirements for protecting the confidentiality of Controlled Unclassified Information (CUI).

Cyber Security Evaluation Tool (CSET)

CSET: Improves situational awareness and provides insight, data, and identification of control systems threats and vulnerabilities. 

Scams and Small and Medium-Sized Manufacturers Common Scenarios

When scammers target your business, it can hurt your reputation and your bottom line. Learn the signs of scams that target small manufacturers. Download this informative brochure now:
Get It Now
9 Elements of Cybersecurity for Small and Medium-Sized Manufacturers

Are you ready to secure your digital infrastructure?

CMTC is here to help small and medium-sized manufacturers map out and assess potential threats and pathways to secure digital infrastructure. Get in touch with us today!