Compliance Services

DFARS Services

DFARS Compliance Services

Contractors and subcontractors that work on Federal contracts for the Department of Defense (DoD) must demonstrate their ability to maintain the security and privacy of Controlled Unclassified Information (CUI). To demonstrate compliance, the Department of Defense has required these individuals and organizations to comply with the requirements outlined in the Defense Federal Acquisition Regulation Supplement (DFARS).

What is DFARS?

DFARS specifies the requirements, related to controlled unclassified information, that any contractor or subcontract that works on a DoD contract must adhere to relative to their information systems. As a part of this requirement, the the prescribed requirements for an organization to assess against comes from NIST SP 800-171 - "Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations".

DFARS Core Requirements

According to NIST SP 800-171, there are 14 control families and associated controls that must be implemented and documented. Those 14 control families include:

NIST 800 171 Control Areas V 2

Compass IT Compliance Services

  • NIST SP 800-171 Risk Assessment - Assess your current level of compliance with NIST SP 800-171, identify gaps in controls, and identify key work areas that your organization must address to achieve and/or maintain compliance with the framework
  • NIST SP 800-171 Audit - Our experienced, certified IT Auditors will examine your IT controls mapped against NIST SP 800-171 requirements, obtain evidence to determine if the controls are operating effectively to achieve your organization's objectives and satisfy framework requirements, and provide attestation of audit along with remediation strategies. A deeper dive assessment compared to the NIST SP 800-171 Risk Assessment, the NIST SP 800-171 Audit will include evidence sampling
  • NIST SP 800-171 Advisory Services - Work with your organization and tailor our project to your specific needs to address any concerns that you have related to NIST SP 800-171, assist in the implementation and updating of policies and procedures, or assist in assessing the risk your third party providers pose related to NIST SP 800-171

As information security and the protection of controlled unclassified information continues to be of concern, choosing the right partner to assess your organization's internal controls can mean the difference between being awarded a DoD contract or missing out. Contact us today to learn more about how we can assist your organization with DFARS compliance through NIST SP 800-171.

Related Resources


NIST SP 800-171 Webinar Recording

NIST Blog Posts

Contact Us