What Does It Mean to Be DFARS-Compliant in 2018?


In the cyber-threat landscape of today, the hacker is out to get all sorts of information and data and to exploit it for malicious purposes. For example, he or she might be after Social Security numbers, credit card numbers and other related banking information, intellectual property and even the internal data of a business or corporation.

But the corporate sector is just one facet on which the cyber-attacker has an eye. The other data gold mine in their crosshairs is the United States Federal Government. Obviously, given its gargantuan nature, it possesses a lot of information and data; thus, it must be made secure. Anything hijacked in this regard could prove to be a grave threat to national security.

The federal government has many internal pieces of legislation and mandates to protect its datasets. One such example is the “Defense Federal Acquisition Regulation Supplement,” or simply DFARS for short. This is the focus of this article.

The Origins of DFARS

The CUI is a system that sets the standard for the handling of unclassified information that cannot be released to the public and other related entities.

In other words, these are datasets that are not top secret in nature, but they do need to be protected from public view through the implementation of the proper security controls. This was actually enacted into law by Executive Order 13556, which is also known as the “Controlled Unclassified Information” order. It was passed and signed into law on November 4, 2010. The specific details of this can be seen at this link.

The primary goal of this legislation was to create a set of best practices and standards for the management and safekeeping of the CUI datasets that cut across both civilian and defense agencies that reside within the (Read more...)

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Ravi Das (writer/revisions editor).