Do you know who your company supplies to? Who the end users of your product(s) are? If your company provides products being sold to the Department of Defense (DoD) you are required to comply with the minimum cybersecurity standards set by DFARS.
All DoD contractors that process, store or transmit Controlled Unclassified Information (CUI) must meet DFARS minimum security standards or risk losing their DoD contracts.
DFARS provides a set of adequate security controls to safeguard information systems where contractor data resides. Based on NIST Special Publication 800-171 “Protecting Controlled Unclassified Information in Non-Federal Information Systems and Organizations”, manufacturers must implement these security controls through all levels of their supply chain.
DoD Frequently Asked Questions regarding the implementation of DFARS Subpart 204.73 and PGI Subpart 201.73 and DFRAS Subpart 239.76 and PGI Subpart 239.76.
NIST Handbook 162 "NIST MEP Cybersecurity Self-Assessment Handbook For Assessing NIST SP 800-171 Security Requirements in Response to DFARS Cybersecurity Requirements.” The Handbook provides a step-by-step guide to assessing a manufacturer’s information systems against the security requirements in NIST SP 800-171 rev 1.
In addition to helping defense contractors comply with DFARS, the Handbook may also be useful for other manufacturers interested in applying the NIST SP 800-171 security requirements, including those seeking to comply with the Controlled Unclassified Information Federal Acquisition Regulation (FAR) clause. Additionally, manufacturers operating in commercial supply chains may consider implementing the NIST security requirements as an integral aspect of managing their organizational risks.
The MEP National NetworkTM has been active in providing awareness and assistance to help U.S. manufacturers protect their information assets from the risks of cyberattacks. MEP Centers can provide valuable assistance to small manufacturers seeking reduction of their cyber risks and DFARS compliance.