Let’s forget about a Cyber Attack for Now

The following FARS & DFARS companies should have a big cyber worry besides ransomware and other cyber-attacks

NIST, the National Institute of Standards and Technology, guidance provides the set of standards for recommended security controls for information systems at federal agencies. ... NIST guidelines are often developed to help agencies meet specific regulatory compliance requirements.



Truck Mfg.

Truck (parts)

Weapons Mfg.

Weapon (parts)

Clothing Mfg.

Clothing (misc.)

A supplement to the FARS that provides DOD-specific acquisition regulations that DOD government acquisition officials – and those contractors doing business with DOD – must follow in the procurement process for goods and services. DFARS – Defense Federal Acquisition Regulation Supplement. DFARS standards point directly back to NIST 800-171, which is a set of security questions that dives into the heart of how to protect a business, and more importantly your organizations’ controlled data.

The Department of Defense (DOD) Federal Acquisition Regulations Supplement (DFARS) has required since the end of 2017 that contractors must be compliant with NIST 800-171. DFARS Clause 252.204-7012 and NIST 800-171 cybersecurity requirements for primes and subcontractors are no longer voluntary with DOD audits underway.  The two most damaging penalties for companies not complying with these government regulations is losing your government contract and or your company!

You must consider loss of contracts, proposal exclusions, adverse performance reviews, etc. Your prime-contractors are going to ask about DFARS, and you should be asking your sub-contractors as well.

Other regulations

  • Cyber Insurance policy coverage requires plans, policies, specific training of employees
  • More vendor contracts now require proof of a cyber security program
  • Other - HIPAA, PCI, NY State, California, Gramm-Leach-Bliley, ENISA &GDPR (EU)

Cyber Attacks are only half the problem!

Cyber fines from FARS & DFARS, HIPAA or PCI can and has put SMB companies out of business

Mid-May 2019 signaled a potential rude awakening for government contractors subject to cybersecurity requirements. A California U.S. district court ruled that allegations against Aerojet Rocketdyne could progress following a former employee’s complaint that the company terminated his employment after he disclosed cybersecurity failures to the company’s board of directors and refused to sign documents indicating that the company was compliant.

Please understand there are hefty fines for non-compliance. And if you try to pass your business off as DFARS and NIST compliant when it isn’t, the government can use their favorite litigation tool against contractual fraud, the False Claims Act, also known as the “Lincoln Law.” You don’t want your business to be forced to learn a lot about this after you’ve been dragged into court for fraud.

With the threat of cyber-attacks escalating every day, the federal government is putting a higher importance on addressing cyber security threats. Cyber compliance standards will continue to expand and intensify as digital threats become more sophisticated and will not lessen.

  • FREE NIST Compliance Audit

  • This field is for validation purposes and should be left unchanged.