Alarming Industry Trends Reported in DFARS Cybersecurity Compliance

Sera-Brynn, LLC, a top-ranked cybersecurity firm, today urged the Department of Defense (DoD) contracting community to immediately begin implementing the cybersecurity requirements mandated by the Defense Federal Acquisition Regulation Supplement (DFARS). Finalized in October 2016, the regulations impose security and reporting requirements on DoD contractors and subcontractors which must be fully implemented by December 31, 2017. 

Based on their work auditing DoD contractors from 2015 to date, Sera-Brynn reports that the typical contractor is approximately 60% compliant with the cybersecurity requirements of DFARS clause 252.204-7012.  Sera-Brynn also reports that after identifying what components of an organization are within the scope of the law, and identifying what needs to be done to satisfy the law, it typically takes an organization six to nine months to implement necessary changes.  

The DFARS cybersecurity requirements, including multi-factor authentication, endpoint encryption, and continuous monitoring, are mandatory. The regulation clearly tells us how the Government is looking at this: failure to implement this rule equates to harm to national security.

Rob Hegedus,
CEO, Sera-Brynn

The consequences of failing to comply with DFARS 252.204-7012 are numerous, and may include or implicate:

·         Breach of contract clauses in a Government contract or subcontract

·         Liquidated damages

·         Termination for default

·         Termination for convenience

·         Poor past performance ratings by the Government

·         Liability under the False Claims Act

·         Qui Tam / Whistleblower Actions

·         Mandatory disclosure to the Government when contract terms like cybersecurity requirements are not satisfied

·         Suspension / debarment by the Government for failing to make a mandatory disclosure or willfully failing to perform in accordance with the terms of the contract

“The DFARS cybersecurity requirements, including multi-factor authentication, endpoint encryption, and continuous monitoring, are mandatory,” stated Rob Hegedus, CEO of Sera-Brynn. “The regulation clearly tells us how the Government is looking at this:  failure to implement this rule equates to harm to national security.”

For more information, visit https://sera-brynn.com/dfars.

About Sera-Brynn.  Sera-Brynn is a leading cybersecurity audit and advisory firm. The Virginia-based company offers threat management, compliance and risk assessment, risk control, and incident response services that enable clients to secure their computing environments and meet applicable and mandatory cybersecurity regulatory standards.  This technical expertise is the backbone of their DFARS compliance services.  Founded in 2011 by former members of the U.S. intelligence community, Sera-Brynn is ranked #10 worldwide on the Cybersecurity 500 list.

Media Contact

Colleen H. Johnson, Sera-Brynn, LLC, colleen.johnson@sera-brynn.com

Source: Sera-Brynn