Lazarus Alliance, a leading cyber security governance, risk, and compliance (GRC) firm, is utilizing Continuum GRC’s IT Audit Machine (ITAM) GRC to perform DFARS NIST 800-171 audits for its clients.

U.S. Department of Defense contractors have until December 31, 2017, to achieve DFARS compliance.

“There’s no reason to believe that the DoD intends to extend this deadline,” noted Michael Peters, CEO of Lazarus Alliance. “Over the summer, the DoD held an Information Industry Day emphasizing the importance of DFARS compliance and reminding attendees that time was running out.”


While DoD contractors are already accustomed to adhering to comprehensive security controls for classified systems, DFARS mandates that security controls also cover “Unclassified Controlled Technical Information (UCTI),” a broad term referring to unclassified data. Therefore, many organizations are having to expand their controls to cover additional systems.

“DFARS compliance is complicated and time-consuming, and time is something our DFARS clients do not have right now,” Peters explained. “By using ITAM GRC software to perform DFARS audits, we’re able to remove a lot of complexity from the process and save our clients time and money.”

The cloud-based ITAM GRC software integrates IT governance, policy management, risk management, compliance management, audit management, and incident management. Its user-friendly self-help modules encompass the full spectrum of regulatory and industry data security requirements, including DFARS NIST 800-171. Peters states that, on average, ITAM speeds up GRC assessments and reporting processes by 180% over traditional audit processes.

“Some organizations still use Microsoft Excel to perform IT compliance audits,” Peters noted. “Now that software like ITAM is available to automate the compliance process, that’s like using an abacus to keep your books. When facing compliance with a standard as complicated as DFARS, and running out of time to do it, you can’t mess around with spreadsheets.”

In addition to keeping them qualified to perform work for the DoD, DFARS compliance offers inherent strategic value for service providers. Other public and private-sector organizations know how rigorous DFARS compliance standards are, and they recognize that service providers who comply with DFARS are serious about data security, not just in-house but also on the part of their third-party vendors. DFARS compliance also demonstrates due diligence in the event of legal action or questions of business insurability.

“The majority of data breaches are now being traced back to third-party vendors,” Peters said. “DFARS is the DoD’s way of addressing this problem, and in the end, it’s going to be a good thing for everyone.”

