DFARS 252.204-7020

DFARS 252.205-7020 is a regulation implemented by the Department of Defense (DoD) to ensure that contractors that handle Controlled Unclassified Information (CUI) adhere to certain cybersecurity standards. The regulation is part of the Defense Federal Acquisition Regulation Supplement (DFARS) and lays out the NIST SP 800-171 compliance, currently CMMC Level 2, and DoD Assessment requirements.

The regulation applies to all DoD contractors and subcontractors who receive or produce Controlled Unclassified Information, including suppliers and vendors. To comply with the regulation, contractors must demonstrate that they have implemented specific cybersecurity controls and have achieved a certain level of maturity in their cybersecurity practices.

To comply with DFARS 252.205-7020, Defense Contractors must implement a range of technical, administrative, and physical controls to protect their systems and data. These may include measures such as multi-factor authentication, encryption, access controls, network segmentation, incident response planning, and regular security assessments and audits.

At SherTech, our experts will help your business assess your current cybersecurity practices and develop a roadmap to achieve compliance with DFARS 252.205-7020. We work with businesses to identify gaps in their security controls and provide guidance on how to address those gaps. We also help businesses prepare for CMMC Level 2 certification and will stand by you during any DoD Assessments.

Compliance with DFARS 252.205-7020 is essential for any business working with the DoD handling CUI, and we can help businesses navigate the requirements and achieve compliance in a timely and efficient manner.