Is Your Company Meeting Department of Defense Standards?

By Tyler Greenwood, Back To Business I.T.

Dayton is a city of many faces – manufacturing, medical, technology, education, but one of the biggest cornerstones of our community is Wright Patterson Air Force Base. Beginning in 2018, the Department of Defense has changed requirements for any business that wishes to engage the Department in work. Compliance with the Defense Federal Acquisition Regulation Supplement (DFARS) clause 225.204-7012 requires contracts to implement National Institute of Standards (NIST) 800-171 standards as soon as practical, but no later than December 31, 2017 in order to protect controlled unclassified information (CUI). The guidelines lay out the security controls required to satisfy Federal Information Security Management Act (FISMA) requirements.

So, what does this mean? Boiled down, the Department of Defense is requiring all contractors to implement a set of standards that protect controlled unclassified data. These security and policy implementations are designed to keep government information safe and out of unwanted hands.

If your business does business with the Department of Defense but hasn’t implemented the needed standards, it’s time to figure this out immediately. It’s possible that your organization already has processes in place that meet some of these requirements, but don’t make any assumptions. Don’t risk losing your contracts! There are already reports of protested contract awards leaving the hands of those who won because the firms weren’t compliant with 800-171. The Government takes this very seriously.

Get your policies in place! Policy helps keep compliance up and the litigation risk down. Government security regulations like the ones described above place great demands on organizations to control and protect government data. The only way to ensure this is done on a consistent basis, across systems and platforms, is to put policies and procedures in place. As it is developed, security policy helps to merge business needs with the security and technology standards and requirements. By putting security policies and procedures in place that reflect an accurate reality between the advantage of moving swiftly and the benefits of being cautious, organizations can ensure they retain the corporate advantage they bring to a project while continually moving forward. Well-designed security policies allow for this vision across multiple projects, no matter the technology, and keep the business drivers constantly at the forefront.

If you need assistance meeting technology standards, turn to a BBB Accredited Business, like Back To Business I.T.