to top

View Report Access the FY 2017 Defense Spending Report

DFARS Cybersecurity Requirements

All Department of Defense (DoD) contractors that process, store or transmit Controlled Unclassified Information (CUI) must meet the Defense Federal Acquisition Regulation Supplement (DFARS) minimum security standards by December 31, 2017 or risk losing their DoD contracts.

DFARS Safeguarding riles and clauses, for the basic safeguarding of contractor information systems that process, store or transmit Federal contract information. DFARS provides a set of “basic” security controls for contractor information systems upon which this information resides. These security controls must be implemented at both the contractor and subcontractor levels based on the information security guidance in NIST Special Publication 800-171 “Protecting Controlled Unclassified Information in Non-Federal Information Systems and Organizations.” The DFARS cybersecurity rile and clauses and be found at

NIST MEP resources for DFARS cybersecurity requirements

National Institute of Standards and Technology (NIST) Manufacturing Extension Partnership (MEP) has developed resources for small manufacturers as they respond to the DFARS cybersecurity requirements. Resources include a set of frequently asked questions, a handbook that is a step-by-step guide to assessing a manufacturer’s information systems against the security requirements in NIST SP 800-171 rev 1, and information on how the MEP National Network can provide assistance to small manufacturers seeking reduction of their cyber risks and DFARS compliance.


You are now leaving

Are you sure you want to proceed?

Yes No, return to