If you’re a business with government contracts, DFARs regulations are essential to consider. Staying compliant helps you win and keep contracts with the United States government, which means a lot of business. The Department of Defense spent over 364 billion dollars on private contract work in 2018 alone. Staying DFARs compliant makes you competitive in the market—but it can be challenging to understand the ins and outs of the law.
To begin with, who must comply with DFARs, and what is DFARs compliant material?
In this article, we’re answering common questions about this challenging law. Keep reading to understand what role your business plays in compliance.
What is DFARS compliance?
DFARs stands for the Defense Federal Acquisition Regulation Supplement, a set of standards for the materials and data used in defense-related projects. The supplement goes back to 1947, but rules and standards change regularly depending on global and political factors.
A more recent addition to DFARs is cybersecurity requirements for contractors working with sensitive data. If a company is DFARs compliant, this simply means that their material sourcing and data practices follow the requirements in the latest set of DFARs guidelines.
The goal of the supplement is simple: to protect sensitive government data in the hands of private contractors and to ensure the quality and safety of any materials used in defense projects.
Who must comply with DFARS?
Any company that contracts with the Department of Defense must comply with DFARs. Whether you’re doing a long-term construction project or short-term data management, you’ll need to follow the rules—and provide verification that you’re doing so.
What materials fall under DFARS?
DFARS targets two main areas: sourcing physical materials and security for government data used in projects. Here, we’re taking a closer look at the cybersecurity side of the regulations, and in the next section, we’ll address the physical sourcing requirements.
In the realm of cybersecurity, DFARS compliance means following two key regulations:
1. Provide a secure system
You’ll need to provide “adequate security” for the data you’ll be handling. The National Institutes of Standards and Technology has published a set of standards that clearly defines what “adequate security” looks like in your systems, so make sure you comply with these guidelines.
2. Incident identification
It’s not enough to have reasonable security—you also need a documented system for discovering and reporting any incidents to the DOD. Once you’ve reported and resolved the incident, you need to keep documentation for 90 days.
What is DFAR specialty metals?
DFARS requires that construction contractors source certain metals from a fellow NATO member (with limited exceptions). The metals that fall under DFARS guidelines are:
- Steel
- Zirconium, zirconium alloys
- Metal alloys made of nickel or iron-nickel
- Titanium, titanium alloys
- Cobalt base alloys
In each case, DFARS also sets standards for the percentage of other materials in the metals, so check current guidelines to make sure your sourcing qualifies.
Because specific products may be challenging to source from a compliant country, DFARS provides exceptions for certain materials, instances of national security, and small purchase situations. In general, however, non-compliant metal cannot exceed 2% of total materials.
If you’re a government contractor, you need to pay close attention to current guidelines to stay competitive.
Make sure that you source metals from a compliant nation and get approval for any exceptions. Don’t forget about the data security aspect, as well. Your business needs to be careful with safety, meet the standards laid out for “adequate security,” and make sure you have reporting systems in place.
If you’re struggling to stay compliant with the DFARS data guidelines, we can help. Expedient Technology Solutions offers security solutions that can help you stay up-to-date with even the most stringent requirements. Staying DFARS compliant can be a challenge, but it allows you to accept government contracts without worry—it just takes a bit of planning and forethought.
If you would like to learn more about how Expedient Technology Solutions can help your business stay DFARS compliant, please contact us.