The Defense Federal Acquisition Regulation Supplement (DFARS) applies to contractors doing business with the U.S. Department of Defense (DOD). It is an expansion of requirements established by the Federal Acquisition Regulation (FAR), which applies more broadly to companies completing work for any federal government agency. Among other stipulations, DFARS establishes minimum requirements for cyber security and dictates which countries can supply specialty metals to DOD contractors and subcontractors. Non-compliance can result in significant damage, including lost contracts, breach of contract damages, fines and reputational damage.
Understanding Your Requirements
Companies in the aerospace and defense industry are particularly impacted by DFARS. Learn more in our eBook, Navigating the Compliance Landscape: Aerospace & Defense.Download the Ebook
Requirements for Companies Under DFARS
All companies contracted or subcontracted to provide the DOD with products or services may be in scope of DFARS. Historically, prime contractors were responsible for ensuring their subcontractors met requirements through their contractual provisions. More recently, the DOD has instituted “programmatic” flowdowns that obligate due diligence and assessment of suppliers’ programs. For example, companies that manage information related to DOD-owned designs and/or purchases must now meet a minimum standard of cyber security, as established by the National Institute of Standards and Technology (NIST), specifically NIST SP 800-171, and Cybersecurity Maturity Model Certification (CMMC). Conformance with these standards must be demonstrated and vetted by parties benefiting from a DOD contract award.
Additionally, companies using specialty metals, such as steel, titanium or certain alloys, must ensure those metals are melted or produced in the U.S. or countries permitted by DFARS. A list of qualifying countries can be found here. The restriction applies to all components used in the end product or as part of an end-product component for:
- Missiles or space products.
- Tanks or automotive items.
- Weapon systems.
For more information about DFARS and your compliance requirements, visit the Defense Pricing and Contracting website.
- Secure, automated data collection, validation and management that meets NIST standards.
- Efficient surveying of suppliers for source of origin data concerning specialty metals.
- Increased effectiveness of supply chain communications through a user-friendly submission portal.
- Demonstrable proof of due diligence.
- Integrated Assent University compliance learning management system.
- Improved legal and reputational protection through proactive compliance.
- …And more!