Resources

decorative arrow

Blog

decorative arrow

What’s The Difference Between FAR and DFARS? 

Compliance

Compliance

Compliance

What’s The Difference Between FAR and DFARS? 

07/2024

5  

min read

Introduction

Companies working in the Aerospace and Defense industry are likely to end up selling their product into the defense supply chain. Consequently, their contracts with customers incorporate flow-down requirements, meaning contractors must familiarize themselves with the Federal Acquisition Regulation (FAR) terms and conditions. Organizations handling Department of Defense (DoD) data must also understand the Defense Federal Acquisition Regulation Supplement (DFARS).

What is FAR?

FAR stands for Federal Acquisition Regulation (FAR) and is the contracting regulation of the Federal Government. Contracts with NASA, the DoD, and other Federal Organizations will incorporate the FAR requirements. Contracting officers are required to have cybersecurity clauses in your contract - most commonly, that is FAR § 52.204-21, which defines IT Security requirements for Federal contracts that process, store, or transmit FCI data.

What is DFARS?

DFARS stands for Defense Federal Acquisition Regulation Supplement (DFARS) and is the defense-specific requirements that dictate how the Department of Defense contracts. The contract clauses your contracting officer incorporates are dependent on the type of data you are expected to handle or create as part of your contract.

The most notable is DFARS 252.204-7012 which dictates how Defense contractors must handle specific types of Defense Data. DFARS 7012 has 4 important components: implementing adequate security, using FedRAMP moderate authorized cloud services, reporting cyber incidents to the DoD, and flowing down requirements to your subcontractors. If you have any questions about these requirements, feel free to book a meeting with one of our cybersecurity experts.  

Conclusion

Overall, understanding the distinctions between FAR and DFARS is crucial for any contractor engaging in DoD contracts. While FAR provides a broad framework applicable to all federal agencies, DFARS introduces additional, defense-specific requirements critical for contractors working with the DoD. Compliance with these regulations and NIST 800-171 and 172 is essential to safeguarding DoD data and obtaining CMMC certification. The foundation of CMMC compliance lies in adhering to the National Institute of Standards and Technology (NIST) Special Publications (SP) 800-171 and 172.

To find out more about CMMC, feel free to download our FREE CMMC Compliance Guide or schedule a meeting with one of our cybersecurity experts!

Related Blogs

View all

decorative arrow

Compliance

Compliance

Compliance

Why Should CMMC Compliance Be A Priority?

07/2024

5 min read

Navigating the complexities of the Cybersecurity Maturity Model Certification (CMMC) can be daunting for any organization doing business with the Department of Defense (DoD).

Compliance

Compliance

Compliance

Top 3 Things To Know About The Cybersecurity Maturity Model Certification (CMMC)?

07/2024

5 min read

The Department of Defense (DoD) has developed the Cybersecurity Maturity Model Certification (CMMC) to enforce the protection of sensitive unclassified information being

Compliance

Compliance

Compliance

4 Steps To Identify Your Current CMMC Level

07/2024

5 min read

Whether you are a long-time contractor or trying to get your first DoD contract, understanding your current CMMC level is a crucial part of your compliance journey.

View all

decorative arrow
Logo image

Become Compliant with NIST 800-171, DFARS 7012, and CMMC Requirements

Talk to an Expert

Address:

575 Market St, 415, San Francisco, California 94105, United States

Contact:

415 231 1110
sales@atomuscyber.com

AboutBlogGuides
WebinarsCustomersPrivacy Policy
© 2024 Atomus Corporation. All rights reserved.