The Honeymoon is Over, Audits are Coming!
The Defense Contract Management Agency is an agency that can often strike fear in government contractors. DCMA conducts audits of government contractors to make sure they are complying with laws and regulations. As of recently, it appears that the DCMA is set to turn its auditing focus toward compliance with NIST 800-171.
NIST 800-171 sets forth steps that contractors must take in order to secure their information systems that house nonclassified sensitive information. Compliance with these standards becomes a legal part of every contract with the Department of Defense considering the NIST standards are incorporated into every contract through the DFARS. If contractors do not maintain their DFARS compliance, they cannot do business with the federal government.
The NIST standards were scheduled to become effective on December 31, 2017. Government officials were adamant that the deadline was firm and contractors would have to immediately be in compliance with the standards; however, prior to that deadline, the government clarified that the deadline only applied to the requirements for a System Security Plan and a Plan of Action. After the December 2017 effective date, there was an update to the standards that clarified a few specific areas. While the update indicated a more relaxed approach to how the DOD would interpret the standards, it also brought the date closer to when these standards would be enforced. DOD is making it increasingly clear that they intend to conduct audits in the near future in this area.
A DCMA audit is a scary experience for many defense contractors. Businesses never quite know when an audit is coming and the DCMA can be relentless. Regardless, a DCMA audit does not have to be a traumatic event for a business. Contractors can start preparing the day they receive the notice that they will be audited.
There are several steps that contractors can take to anticipate and prepare for a potential audit. The good news is that contractors do not need to go at it alone, and can receive help in their DFARS compliance efforts. Matters that address information security can be complicated and time-consuming; however, by hiring the right service provider, a contractor can relieve some of that burden and free themselves up to focus solely on their important business issues.
ComplyUp offers a solution to help government contractors comply with their standards. The company has a compliance solution that can take some of the fear and mystery out of such a sensitive area. Their solution offers contractors a step-by-step method to help them properly follow the standards. By using ComplyUp, contractors will know exactly what is expected of them and can take the necessary steps to avoid any issues if DCMA shows up at their door. ComplyUp’s products rely upon technology in a way that takes some of the uncertainty away and makes it easier to deal with compliance.
When it comes to these NIST standards, you do not need to fear an audit if you have taken the right preparations in advance. Because of the stakes that are at play, it is vital that businesses take the right steps and secure assistance if they need it. When it comes to the existence of a business, it is always better safe than sorry.