Security Encyclopedia

Defense Federal Acquisition Regulation Supplement (DFARS)

The Defense Federal Acquisition Regulation Supplement (DFARS) is an amendment to a set of rules that the Department of Defense (DoD) and similar agencies of the US Government use to oversee the purchasing of goods and services, including technology.

DFARS requirements and regulations are meant to guarantee the integrity of Controlled Unclassified Information (CUI), or sensitive information belonging to the government that third parties such as suppliers, partners, and trade associations may hold or use.

For any outside organization to do business with the DoD or a similar agency, and to handle CUI, it must comply with a set of stringent prerequisites. These cover limits on who can access data, security education and training, audit controls, baseline configurations and configuration management of software and hardware, robust identity and access management (IAM), physical security of the workplace, integrity of personnel, and much more.

Taken together, DFARS requirements have shortened the list of entities capable of accessing large contracting opportunities. They have also placed limits on other organizations such as trade associations that interface with government, partners, and suppliers.


"If you're a midsize company seeking contract opportunities, you're better off partnering with one of the Big Four consulting firms that already have a line into the buyers inside the beltway. A big firm also has its DFARS compliance down to a science."