Defense Federal Acquisition Regulation Supplement (DFARS)
The Department of Defense (DoD) administers the Defense Federal Acquisition Regulation Supplement (DFARS) to the Federal Acquisition Regulation (FAR). The FAR is implemented and supplemented by the DFARS.
The DFARS contains:
- Requirements of law
- DoD-wide policies
- Delegations of FAR authorities
- Deviations from FAR requirements
- Policies and procedures that have a significant effect on the public
DFARS Cybersecurity Requirements
DoD contractors that process, store, or transmit Controlled Unclassified Information (CUI) need to meet the DFARS minimum security standards, or risk losing their contracts.
DFARS contains basic security controls for contractor information systems upon which this information resides. Contractors and subcontractors must implement the controls specified in NIST Special Publication (SP) 800-171, “Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations”.