The DoD Under Secretary for Acquisition and Sustainment has confirmed the Pentagon is increasing cybersecurity requirements for contracts, especially in the supply chain area where DFARS compliance is necessary.
Nashua, NH, November 13, 2018 –(PR.com)– This past week, Ellen Lord, the DoD Under Secretary for Acquisition and Sustainment, said the Pentagon is going to bolster the “absolutely critical” cybersecurity requirements for future contracts, as well as look into how to apply those restrictions retroactively. In making this announcement, Undersecretary Lord moved forward on remarks a month ago by Deputy Defense Secretary Pat Shanahan who said that prime defense contractors have a “responsibility to manage the supply chain” and noted their failure to do so is “where we have real gaps in security.”
In response to this announcement, William O’Brien, president of RegDOX Solutions Inc., a company specializing in technology and services, including IT assessment audits that address the requirements of such regulatory regimes as the ITAR (International Trafficking in Arms Regulators) and the cyber-security requirements of the DFARS (Defense Federal Acquisition Regulations Supplement), noted that,
“As we have worked with small and medium-sized companies in the DoD supply chain to assist them in assessing and complying with cyber-security obligations under the DFARS, including the controls outlined in NIST (SP) 800-171, we have encountered a great deal of confusion. Companies realize that these obligations are presented in mandatory terms, but then find silence and lack of official or supply chain direction when they ask about compliance deadlines and non-compliance consequences. It will be helpful to all to know that this confusion is coming to an end and the time for compliance has come. The Defense Department should continue to emphasize that a failure to do so will have real and uniform consequences for each company and its competitors. It is important that the industry is given a fair warning so that individual companies are not surprised by enforcement activities.”
RegDOX Solutions is dedicated to assisting SMEs through gap analyses, plans of actions and milestones, and DFARS-compliant storage and collaboration applications so that they won’t lose contracts or encounter penalties due to a lack of DFARS cybersecurity compliance. Companies can quickly reach us through our website (www.RegDOX.com), by email (RegDOX.Sales@RegDOX.com), or telephone (603-589-4830).