DFARS Cybersecurity Requirements

252.204-7012   |   Safeguarding Covered Defense Information And Cyber Incident Reporting (Oct 2016)

All Department of Defense (DoD) contractors that process, store or transmit Controlled Unclassified Information (CUI) must meet the Defense Federal Acquisition Regulation Supplement (DFARS) minimum security standards by December 31, 2017 or risk losing their DoD contracts.

This DFARS subpart applies to contracts and subcontracts requiring contractors and subcontractors to safeguard covered defense information that resides in or transits through covered contractor information systems by applying specified network security requirements. It also requires reporting of cyber incidents.

The covered contractor information system shall be subject to the security requirements in National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171 rev1, “Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations”.

What do Small Manufacturers Need to Know?

NIST MEP has developed a set of Frequently Asked Questions (FAQs) for small manufacturers to better understand the DoD Cybersecurity Requirements. 

Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations

NIST SP 800-171 rev 1: “Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations” provides requirements for protecting the confidentiality of Controlled Unclassified Information (CUI).

Self-Assessment Handbook - NIST Handbook 162

NIST Handbook 162:  The Handbook provides a step-by-step guide to assessing a manufacturer’s information systems against the security requirements in NIST SP 800-171 rev 1.

Cyber Security Evaluation Tool (CSET)

CSET: Improves situational awareness and provides insight, data, and identification of control systems threats and vulnerabilities. 

Scams and Small and Medium-Sized Manufacturers Common Scenarios

When scammers target your business, it can hurt your reputation and your bottom line. Learn the signs of scams that target small manufacturers. Download this informative brochure now:
Get It Now

How we can Help!

CMTC is here to help small and medium-sized manufacturers to map out and assess the potential impact of AM, develop a game plan to guide adoption and grow additive manufacturing knowledge across your organization. For further information, please fill out the form or contact Chris Wentworth directly at cwentworth@cmtc.com.