The Defense Federal Acquisition Regulation Supplement (DFARS) provides security standards for the processing, storage and transfer of unclassified information.

DFARS stresses not only providing adequate security, but also the immediate reporting of any breaches and other cyber security incidents. The standards must be continuously monitored and improved. The DFARS standards are based on NIST Special Publication 800-171. Contractors working for the Department of Defense have 72 hours in which to report any potential breaches. The Department of Defense has a portal on which reports of incidents can be submitted.

In order use the portal, you will have to have a medium assurance certificate, which contains digital identity credentials that are loaded on a hard drive and cannot be transferred between computers.

Contractors for the Department of Defense must prepare s System Security Plan. NIST provides an example of such a plan.