Cybersecurity is a vast and complex field, and it’s made more complicated as technology – both infrastructure and in terms of cyberattacks – grows more and more sophisticated. Any large and complex industry grows terminology and jargon like leaves on a tree, and cybersecurity is no different. There are dozens, if not hundreds, of specialized terms that are used in narrow and specific ways throughout the industry.

The Defense Federal Acquisition Regulation Supplement, better known as DFARS, has significance for contractors working with the Department of Defense (DoD). Our intention is to offer a comprehensive perspective on DFARS in the context of cybersecurity, its various clauses, and the intricacies of maintaining compliance as these rules constantly shift and change over time.

We’ve talked a lot about FedRAMP, CMMC, and the typical business/contractor security controls outlined in NIST SP 800-171, but these aren’t the only elements of cybersecurity that the government wants enforced. There are also the DISA STIGS to follow. What are they, do they apply to you, and how can you follow them?