Defense Federal Acquisition Regulations Supplement (DFARS)
The United States federal government maintains a long list of protocols for how it goes about buying equipment and supplies for its various agencies and projects. These rules are laid out in the Federal Acquisition Regulations (FAR). The Defense Federal Acquisition Regulations Supplement, or DFARS, is the subset of FAR that deals with procurement for the Department of Defense (DoD). Included in DFARS are several sections delineating the obligations of DoD contractors on safeguarding digital information. Since the initial release of rules on data security came out some five years ago, DoD has regularly updated and modified requirements on storing, transmitting, and otherwise processing “controlled information”, i.e. sensitive information with military applications.
DFARS applies to any enterprise interested in contracting with the Defense Department. This applies whether the company is selling products to DoD or providing a service.
First and foremost, the goal of DFARS is to protect government data in the hands of contractors. Defense companies often have access to some of the most sensitive information, dealing with everything from cutting-edge weapons platforms, to new information and computing systems. This fact has made defense contractors prime targets for cyber criminals. Thus DoD demands higher security standards for any firm seeking to do business with them.
The second factor driving the regulations is threat awareness. The US government wants to be updated on the actors targeting federal data exploitation. A large part of DFARS rules on cyber deal with disclosure of data breach which includes reporting the type of incident, as well as which malicious programs or tactics were used in an attack.