DFARS and the Aerospace & Defence Enterprise - Is Your Organisation Ready?
Under the US Defence Federal Acquisition Regulation Supplement (DFARS) 225.204.7012 defence industry contractors, subcontractors and suppliers must meet the strict requirements for Controlled Unclassified Information (CUI) protection to comply with the National Institute of Standards and Technology Special Publication (NIST SP) 800-171.
Examples where IT security protection is required for defence industry organisations include contracts, agreements, subcontracts, projects, research and development activities and support arrangements that process, store or handle US sourced CUI, International Traffic in Arms Regulations (ITAR), Export Administration Regulations (EAR) or Foreign Military Sales (FMS) controlled information or data.
What does “compliance” mean? How will your organisation be affected? What are the realistic consequences of non-compliance? Is a Plan of Action & Milestones (POA&M) sufficient for compliance?
There are, and will continue to be, questions and confusion surrounding DFARS compliance.
This white paper is to share DXC’s position on DFARS, based particularly on deep regulatory understanding, membership on the Aerospace Industries Association (AIA), membership in the IT Alliance for Public Sector (ITAPS), contacts within the federal government, and experience with our large aerospace and defence (A&D) client base.
The purpose of this white paper is to provide as much clarity and perspective as possible to a shifting landscape of regulations and controls.
The DXC team has extensive experience leading leading organisation in DFARS compliance. For a free maturiry assessment please contact us.
Note: DXC intends to provide updates to this paper as information becomes available from the US federal government.
You might also be interested in
Seize the Opportunity for Efficient Compliance
Learn more about critical steps toward achieving compliance - ensuring effective governance structures are established and demonstrating true ownership and accountability.