DFARS Compliance


Have you ever come across the term DFARS compliance? If you hold, or bid on, a Department of Defense contract or subcontract, chances are you have or will.

The United States Department of Defense requires its contractors to follow the Defense Federal Acquisition Regulation Supplement (DFARS), the DoD-specific supplement to the Federal Acquisition Regulation (FAR). Its cybersecurity clauses exist to make sure the defense information that contractors handle on their own systems is protected, and that DoD hears about it promptly when that protection fails.


What Is DFARS Compliance?

The Defense Federal Acquisition Regulation Supplement (DFARS) is a U.S. federal regulation that applies to Department of Defense contractors and, through flowdown clauses, to their subcontractors.

It supplements the FAR with DoD-specific policies and contract clauses; it does not replace the FAR, and a DoD contract is governed by both. Understanding which DFARS clauses sit in your contract is what protects a company from breach-of-contract claims, penalties and loss of eligibility for future awards.

DFARS is organized to parallel the FAR rather than into two parts:

  • Parts 201 through 251 carry DoD policy that supplements the corresponding FAR parts. Part 204 (Administrative and Information Matters) is where the policy on safeguarding covered defense information lives.
  • Part 252 holds the contract clauses themselves. The cybersecurity clause discussed in this article, 252.204-7012 (Safeguarding Covered Defense Information and Cyber Incident Reporting), is one of these, which is why the clause numbers you see in contracts start with 252.

Minimum Requirements for DFARS 252.204-7012 Compliance

Every DoD contractor whose contract contains the clause at DFARS 252.204-7012 must meet its requirements. They come down to two core obligations, plus flowdown:

  • Providing adequate security for covered defense information: at a minimum, implementing the security requirements of NIST SP 800-171 on any contractor-owned information system that processes, stores or transmits covered defense information, and using only cloud services that meet security requirements equivalent to the FedRAMP Moderate baseline for that information. This is what protects DoD information on your servers from attackers and other unauthorized persons.
  • Reporting cyber incidents and cooperating with DoD: a cyber incident that affects covered defense information, or your ability to provide operationally critical support, must be reported to DoD within 72 hours of discovery (reporting is done through DoD's reporting portal and requires a DoD-approved medium assurance certificate). You must also preserve images of all known affected systems and the relevant monitoring and packet-capture data for at least 90 days, submit any malicious software you find, and give DoD access on request so the incident can be analysed.
  • Flowing the clause down: the same obligations must be included in subcontracts that involve covered defense information or operationally critical support, so a subcontractor's incident is still your reporting problem.

Separately from the cybersecurity clause, DoD contractors also carry general business-conduct obligations. These come from the FAR's Contractor Code of Business Ethics and Conduct clause (FAR 52.203-13) rather than from DFARS 252.204-7012, but auditors and contracting officers expect both to be in order:

  • Contractors must have a written code of business ethics and conduct, backed by a corporate culture that fosters ethical behavior and compliance with the law.
  • All of a contractor's employees, including subcontractors and others who perform work on behalf of the company, must be aware of their responsibilities under that code.
  • Contractors must have policies in place that address conflicts of interest and other potential abuses of their position.
  • Contractors must maintain records that support their claims, certifications and processes.
  • Contractors must run a regular ethics and compliance training program for all employees, including contractors and subcontractors, as part of an ongoing awareness and internal-control program.

DFARS Compliance Checklist: What Do You Need to Do to Be DFARS 7012 Compliant?

Let’s review the essential steps to take to ensure your organization’s DFARS compliance:

Calculate Your Organization’s DFARS Applicability

DFARS 252.204-7012 is not a general technology regulation; it is a contract clause that protects covered defense information (CDI, a category of controlled unclassified information) held on contractor systems, in the interest of national security. Whether it applies to you depends on your contracts and the information you handle, not on your size or revenue. Work out:

  • Whether the clause at 252.204-7012 appears in any of your DoD prime contracts or, through flowdown, in subcontracts you hold. DoD includes it in essentially all of its solicitations and contracts, regardless of dollar value, except those solely for commercial off-the-shelf (COTS) items.
  • Whether your organization receives, stores, processes or generates covered defense information under those contracts, or provides operationally critical support. If no system of yours touches CDI, there is no "covered contractor information system" for the NIST SP 800-171 safeguarding requirements to apply to, although the clause itself remains in the contract.
  • Which of your systems, including cloud services and managed service providers, touch that information. That set of systems is the scope you must protect, assess and monitor.

Build a Remedial Plan

The first step in building your DFARS compliance remedial plan is a gap assessment of your in-scope systems against the 110 security requirements of NIST SP 800-171. Record what is implemented, and how, in a System Security Plan (SSP). For each requirement that is not yet met, assess its severity and decide whether a single fix closes it or whether it needs a project of its own.

Requirements that need more than a one-off fix go into a Plan of Action and Milestones (POA&M) that states what needs doing, the target completion date, the cost, who will do it, and how progress will be tracked. The SSP and POA&M are themselves required by NIST SP 800-171 (requirements 3.12.4 and 3.12.2 respectively), so maintaining them is part of compliance, not just preparation for it.

Implement Your Remedial Plan

This critical step is where you actually protect covered defense information and, with it, your eligibility for DoD work. If you have not yet implemented your plan, or the one you have in place is outdated, you need to act now.

Under DFARS 252.204-7012, the NIST SP 800-171 requirements were to be implemented no later than 31 December 2017; since then, DoD expects a contractor to have them in place, with any shortfalls documented in the SSP and tracked to closure in the POA&M. Since November 2020, DFARS 252.204-7019 and 252.204-7020 have also required a current NIST SP 800-171 self-assessment score to be posted in the Supplier Performance Risk System (SPRS) before award of most DoD contracts, so an unimplemented or stale plan affects whether you can be awarded the work at all. The plan must therefore rest on an honest assessment of the risks and unmet requirements on your systems, paired with the specific actions that will close them.

If your company holds or is pursuing such a contract but does not yet have an SSP and POA&M in place, please contact the DFARS compliance consultants at Succurri, so they can help draft them for you.

Continuously Monitor Your DFARS Compliance

You must keep monitoring your DFARS compliance to stay compliant. This is not a one-time check but a continuous process: NIST SP 800-171 itself requires that security controls be monitored on an ongoing basis (requirement 3.12.3), and a SPRS self-assessment score must be kept current, as DoD does not accept scores more than three years old.

By monitoring your DFARS compliance, you ensure that you keep up with changes and updates to the regulations, that your SSP and POA&M still describe reality after systems and suppliers change, and that your company does not inadvertently break a rule or lose out on valuable contracts.

Non-Compliance Penalties

The consequences of non-compliance depend on its nature: whether it is a contract performance failure, a misrepresentation to the government, or a knowing false statement.

Note that DFARS 252.204-7012 applies to DoD contracts of any value, so a contract being below the simplified acquisition threshold (currently $250,000) does not exempt a contractor from the clause or from the consequences below.

Penalties for DFARS non-compliance can include:

Breach of Contract Damages

If you fail to comply with a DFARS clause in your contract, you are in breach of that contract and can be liable for breach-of-contract damages, in addition to contractual remedies such as termination for default and any other penalties a court may impose.

False Claims Act Damages

The False Claims Act imposes treble damages plus a civil penalty for each false claim. The $5,500 to $11,000 range often quoted is the statutory range before inflation adjustment; the penalty is adjusted annually and is now substantially higher per claim. The typical route to False Claims Act exposure is certifying NIST SP 800-171 compliance, or posting a SPRS self-assessment score, that you know to be inaccurate, and the Department of Justice's Civil Cyber-Fraud Initiative has pursued contractors on exactly that basis.

Civil Penalties

Expect to pay $10,000 per violation, with an annual maximum of $100,000 for all violations of a particular requirement or obligation.

Criminal Penalties

Criminal penalties do not come from DFARS itself but from federal statutes on false statements and false claims, which the government may apply to individuals who knowingly and willfully misrepresent their compliance. The maximum criminal penalty the government may impose upon an individual includes imprisonment for not more than 10 years or a fine of not more than $250,000, or both.

Speak With a DFARS Compliance Advisor Today

Looking for an experienced, knowledgeable and professional DFARS compliance firm to answer your questions? At Succurri, we offer DFARS compliance consulting to ensure that your business adheres to governmental IT compliance requirements, reduces the likelihood of a cyber incident, and is ready to report one correctly if it happens.

Let us help ensure your company maintains its reputation and its eligibility for DoD work by complying with the DFARS requirements. Call us today to book a free IT assessment.
