DFARS Compliance is more than a SSP


The issue:

For the past several years all companies which manage Controlled Unclassified Information (CUI) have been subject to DFARS and NIST 800 -171 cybersecurity rules. 

Many companies, especially smaller companies, have struggled to meet the requirements. The NIST document lays out controls which need to be met by establishing a System Security Plan and a Plan of Actions and Milestones (POAM). Contrary to popular belief compliant activities do not end there. Supporting documents need to be produced and followed to ensure that each company can maintain its compliance. 

How 3Comply can help:

  • Evaluate current state of compliance with DFARS
  • Develop and deploy key plans and procedures  
  • Perform supply chain assessments based on the requirements 
  • Implement programs designed to maintain compliance. 

Fact Sheet: DFARS Compliance is more than a SSP

DFARS compliance is more than a SSP (pdf)