Spade Technology: Blog

DFARS Compliance Management and Risk Assessments for Government Contractors

Spade Technology Offers DFARS Compliance Management and Risk Assessments for Government Contractors

As part of our service platform, Spade Technology offers comprehensive compliance risk assessment that penetrates both your internal and external IT and data security defenses to determine where your network is weak and needs improvement. Companies and organizations who deal with the Department of Defense (DoD) need DFARS compliance management and risk assessments such as government contractors can get this service from Spade Technology at a fixed, monthly rate.

We help our customers who work with the DoD as government contractors complete their DFARS survey, process and procedures; we also help them plan and meet their annual reporting requirements.

This process happens in three main stages, or steps:

Step 1 – Initial project – analysis everything in environment – gap analysis;

Step 2 – Fixing the Gap analysis;

Step 3 – Ongoing work.

We work closely with you and your department heads, stakeholders, etc. to determine the exact course of action we should take in securing your IT network from prying eyes and cyberattacks.

Sometimes a gap analysis and fixing it can take longer for some than for other networks. Our client-tailored, custom IT security and compliance management solutions take a holistic view of your entire business organization and how its IT needs must be met – then, and only then do we implement open-ended service procedures that stress the phrase “ongoing work” – whether it’s precise monitoring and periodic penetration testing on up to full server virtualization, business continuity planning, etc.

Spade Technology and its team of outsourced IT consultants have all the answers your looking for – on DFARS compliance management, IT security, risk assessments, and much more!

Providing Defense Federal Acquisition Regulation Supplement, or DFARS compliance is an ongoing process, and with the new Rules and Regulations on DFARS compliant countries and entities having been implemented last year (2016), it can be confusing as to exactly who is required to be under DFARS compliance and who isn’t.

Spade can help you determine that. If you’re a private contractor dealing in government contracts and are in doubt, but curious enough to be seeking somebody like us out – chances are good that you will need DFARS compliance management.

Recent Regulatory Changes Under DPAP and DFARS

The Department of Defense is issuing a final rule amending the Defense Federal Acquisition Regulation Supplement (DFARS) by providing that contracting officers are not required to further justify a decision to provide customary contract financing, other than loan guarantees and advance payments identified in FAR part 32, for certain fixed-price contracts.

DATES: Effective December 22, 2016.

FOR FURTHER INFORMATION CONTACT: Mr. Mark Gomersall, telephone 571–372–6099.

DoD published a proposed rule in the Federal Register at 81 FR 42607 on June 30, 2016, to revise the DFARS regarding the use of customary contract financing, other than loan guarantees and advance payments identified in FAR part 32, on fixed-price contracts with a period of performance in excess of one year that meet the dollar thresholds established in FAR 32.104(d). DoD has determined that the use of such customary contract financing provides improved cash flow as an incentive for commercial companies to do business with DoD, is in the Department’s best interest, and requires no further justification of its use.

  • Discussion and Analysis

No public comments were submitted in response to the proposed rule. Therefore, there are no changes from the proposed rule made in the final rule.

III. Applicability to Contracts at or Below the Simplified Acquisition Threshold and for Commercial Items, Including Commercially Available Off-the-Shelf Items

This final rule only provides DoD policy regarding providing contract financing for certain fixed-priced contracts. The rule does not add any new provisions or clauses or impact any existing provisions or clauses.

  • Executive Orders 12866 and 13563

Executive Orders (E.O.s) 12866 and 13563 direct agencies to assess all costs and benefits of available regulatory alternatives and, if regulation is necessary, to select regulatory approaches that maximize net benefits (including potential economic, environmental, public health and safety effects, distributive impacts, and equity).

E.O. 13563 emphasizes the importance of quantifying both costs and benefits, of reducing costs, of harmonizing rules, and of promoting flexibility. This is not a significant regulatory action and, therefore, was not subject to review under section 6(b) of E.O. 12866, Regulatory Planning and Review, dated September 30, 1993. This rule is not a major rule under 5 U.S.C. 804.

If you’re not up to speed on all this, you’ll want to read all about the latest Defense Procurement and Acquisition Policy (DPAP) regulations and DFARS Procedures, Guidance, and Information (PGI) as well.

Discover IT Vulnerabilities with a Compliance Risk Assessment

Those government contractors (and other covered entities) looking to remain in DFARS compliance can no longer simply install some anti-virus software on their computer and feel safe. Cybercrime grows worse every year and many business networks are already compromised! Is your sensitive data safe? You must know exactly where you’re vulnerable, then strengthen your defenses to stay safe from a compliance violation.

Most networks have vulnerabilities like 3rd party applications that need patching or improperly configured firewalls – to say nothing of risks associated with using mobile devices!

Government contractors can turn to Boston MA IT company Spade Technology for a complete vulnerability and compliance risk assessment that includes:

  • Analysis of existing security products and policies to find vulnerabilities that cybercriminals will exploit.
  • Penetration tests to discover weaknesses using the same methods advanced hackers will use to breach your network.
  • Network-wide assessments to eliminate devices that contain exploitable hardware that’s impossible to protect.
  • Business process assessments to ensure compliance with industry-specific regulations.
  • Creation of a custom protection policy to safeguard against data breaches and vulnerabilities caused by misinformed employees.
  • Initial & ongoing training on safe computing practices to eliminate mistakes that create vulnerabilities within your network.

Ready for Your Compliance Management Risk Assessment?

Spade Technology connects your business to your technology in the most strategically-aligned way. Schedule a complete IT vulnerability and DFARS compliance management and risk assessment now – contact us at (508) 332-4849 or info@spadetechnology.com to get started right away!