What is DFARS?
Defense Federal Acquisition Regulation Supplement: The Catalyst for CMMC & NIST SP 800-171
While there are many DFARS requirements that may affect your organization the following Defense Federal Acquisition Regulation Supplements regarding Cybersecurity and the protection of controlled unclassified information (CUI) are important to understand and adhere to if your company generates any revenue either directly or indirectly from the Department of Defense (DoD) or any DoD-related organization.
DFARS 252.204-7008
Compliance with Safeguarding Covered Defense Information Controls
Key Points:
- Requires 252.204-7012 security requirements to be implemented for all Covered Defense Information on all covered contractor information systems.
- Introduces NIST SP 800-171 requirements Via DFARS 252.204-7012
Meet your DFARS requirements with the NeQter Compliance Engine:
- Understand your NIST SP 800-171 requirement with our built in compliance best practices.
- Get a baseline on your compliance posture by performing a self assessment using the built in assessment tools.
DFARS 252.204-7012
Safeguarding Covered Defense Information and Cyber Incident Reporting

Key Points:
- Organization must protect controlled unclassified information (CUI) in accordance with NIST SP 800-171.
- Organizations must report cyber incidents to the DoD within 72 hours of discovery.
Meet your DFARS requirements with the NeQter Compliance Engine:
- Monitor and collect logs from all systems handling CUI with the NeQter Security Information and Event Management Tool.
- Utilize our built in alerts and reports to quickly identify suspicious activity. Retain NeQter Log archives for incident investigation.
DFARS 252.204-7019
Notice of NIST SP 800-171 DoD Assessment Requirements
Key Points:
- Notifies all DIB contractors that they must perform a self-assessment based on the DoD Assessment Methodology a minimum of once every 3 years.
- All DIB contractors must have a current and accurate score posted in the DoD Supplier Performance Risk System.
Meet your DFARS requirements with the NeQter Compliance Engine:
- Perform your self assessment and maintain your proof points within the NeQter Labs Compliance Tool. Keep you SSP under revision control and prove your progress to an assessor.
- Automatically calculate your SPRS score using the built in Scoring System based on the DoD's official Assessment Methodology (DoDAM).

DFARS 252.204-7020
NIST SP 800-171DoD Assessment Requirements

Key Points:
- Requires contractor to perform and submit a self assessment of their compliance against NIST SP 800-171 in accordance with the DOD Assessment Methodology.
- Requires contractors to flow down requirement to their subs and suppliers.
Meet your DFARS requirements with the NeQter Compliance Engine:
- Utilize the NeQter compliance guide to jumpstart the self assessment process.
- Meet 90+ assessment objectives out of the box with the NeQter Labs Compliance Engine.
DFARS 252.204-7021
Cybersecurity Maturity Model Certification Requirements
Key Points:
- Contractors must pass a CMMC assessment and certification must be present at time of award.
- Certification must be renewed via a new assessment every 3 years.
- Requires contractors to flow down requirement to their subs and suppliers.
Meet your DFARS requirements with the NeQter Compliance Engine:
- Our All-In-One solution deploys in hours and contains the tools you need to achieve compliance with CMMC: Security Information and Event Management (SIEM), Vulnerability Scanning, Inventory Management, Active Threat Monitoring and much more.
- Meet 90+ CMMC assessment objectives out of the box and address all of your requirements using the built in System Security Builder with implementation guidance.
- Use the NeQter Labs compliance tool to streamline your assessment and prove compliance with CMMC at the assessment objective level.
