2/11/2022

For GovCons, it can be overwhelming to go through all the steps necessary to comply with the Department of Defense’s (DoD) long-anticipated Defense Federal Acquisition Regulation Supplement (DFARS) Interim Rule. Daston, with a suite of solutions that encrypt Email and Drive services, makes compliance easy by providing products with unrivaled security that inherently comply with these standards.

The DFARS Interim Rule

The DFARS Interim Rule, which went into effect about a year ago, mandates that defense contractors not only perform a self-assessment based on NIST 800-171 but that they also report that score to the DoD. It also implicitly makes the new Cybersecurity Maturity Model Certification (CMMC) framework—to be implemented over the next several years—the law of the land.

All work done by primes and subcontractors subject to the DFARS 252.204-7012 clause now also must adhere to requirements described in the Interim Rule. That includes all defense contractors that handle controlled unclassified information (CUI). Further, as CMMC is implemented, those contractors will need to achieve at least CMMC Level 3.

How Does DFARS Affect GovCons’ Ability to Win Contracts?

The DoD has made it clear that if defense companies do not meet these prerequisites, they cannot be awarded contracts. While the DFARS Interim Rule doesn’t specify minimum self-assessment scores that must be achieved, the DoD will do risk-based assessments to help determine which companies it will award contracts to. If a company has a low self-assessment score, the DoD likely will consider that company to be a higher security risk than an alternative supplier with a better score. Likewise, primes will consider self-assessment scores when evaluating possible subcontractors with which to work, so subcontractors with higher scores are expected to win the work.

Clearly, GovCons are concerned with raising their self-assessment score. Given its weight in both DFARS and CMMC, improving the protection of CUI can help a company raise that self-assessment score quickly. CUI is typically shared in the form of email or files, and thus platforms that protect email and file sharing are key tools in achieving that goal.

Daston’s Products and Services Comply With DFARS

Daston’s solutions support compliance with DFARS, NIST 800-171, and CMMC Level 3 (as well as ITAR). Daston’s encrypted Email and Drive services provide unrivaled security for protecting CUI using the gold standard of end-to-end encryption, which means that email and files are only ever encrypted and decrypted on a user’s device—and never on a server.

Daston can help GovCons quickly improve their level of cybersecurity—and significantly raise their self-assessment score —by protecting CUI. Daston also can work with GovCons to assist them in increasing their self-assessment score by nearly 40 points, thereby offering a significant boost to their ability to win DoD contracts, now and in the future. For the longer term, Daston’s solutions put companies on an accelerated path to achieving CMMC Level 3 and preserving their competitiveness.

Do you need assistance complying with DFARS and other security standards? Contact Daston today for a consultation! Call 703-288-3200.