Today, more than ever, the Department of Defense (DoD) relies upon external contractors to carry out a wide range of missions and shares sensitive data with these entities. Under an interim rule issued in 2015 by the Defense Federal Acquisition Regulation Supplement (DFARS), DoD contractors (including small businesses) must adhere to two basic cybersecurity requirements:
(1) They must provide adequate security to safeguard covered defense information that resides in or transits through their internal unclassified information systems from unauthorized access and disclosure; and
(2) They must rapidly report cyber incidents and cooperate with DoD to respond to these security incidents.
Failure to comply with the above requirements may prevent you from being able to conduct business with the DoD as of January 1, 2018!
NIST Interagency Report 7621 Rev. 1
If you are a supplier to DoD and have questions regarding compliance, contact IMC at info@imcpa.com or call 570-329-3200×8074.