September 20, 2017

Securing the DoD Supply Chain within the DFARS Compliance Deadline of Dec. 31

Jeff Hunter

As a number of recent events have shown us, the global supply chain is dynamic, growing in size and complexity, and is vulnerable to a host of threats and hazards such as natural disasters, accidents, or even malicious attacks. So it’s not surprising that according to estimates by the SANS Institute up to 80 percent of all cyber breaches may have originated in the supply chain.

And, of particular concern for the government supply chain, are the most damaging threats to critical IP and systems that can adversely impact government missions, including; counterfeit parts, espionage through compromised devices, reverse engineering, intellectual property theft, and denial of service attacks.

Securing the global supply chain, while ensuring its smooth functioning, is essential to our national security as well as domestic and international economies. As an important step in addressing this critical need, 109 new cybersecurity technology and security policy requirements have been established through the Defense Federal Acquisition Regulation Supplement (DFARSNIST SP 800-171 supply chain program that address managing and protecting defense and controlled unclassified information (CUI) through standardization of security technology and procedures. Department of Defense (DoD) suppliers have until December 31, 2017 to become compliant with these requirements or risk losing current and future contract awards with the government.

With the deadline fast approaching, many organizations within the DoD supply chain are racing to find solutions to the 53 technology and 56 policy based requirements. Many businesses are struggling, especially small and medium sized organizations, with a lack of resources to address NIST SP 800-171 on their own.

A 2016 report from the National Cybersecurity Alliance found that 59 percent of small and medium businesses interviewed don’t have a contingency plan in place for reporting and responding to breaches. And, the U.S. Small Business Administration reported for FY2017 the DoD targeted small businesses as 34 percent of the overall subcontractor awards goal. This number can easily represent hundreds, or even thousands, of critical DoD suppliers that deliver essential software and systems that support warfighters in theater.

Forcepoint Is Simplifying the Path to Compliance

To help suppliers address the need for compliance before the year-end deadline, Forcepoint has partnered with security industry leaders to deliver an all-encompassing NIST SP 800-171 solution path.

Forcepoint’s NIST SP 800-171 solution offers government contractors of any size a pre-configured package of hardware and software tools that enable businesses to quickly deploy a secure platform specifically designed to address the technology controls defined by NIST. Today Forcepoint is the only company bringing together best-of-breed partners to deliver a comprehensive NIST SP 800-171 offering, including: Forcepoint’s category-leading Next-Generation Firewall (NGFW) and Data Loss Prevention (DLP) security products, GigaTrust’s world-class GigaCloud Software as a Service (SaaS) technology, Raytheon Cyber Services’ evaluation and assessment capabilities, and ICM’s implementation and customer care expertise.

To learn more about the Forcepoint NIST SP 800-171 Supply Chain solution and requirements for DoD suppliers visit the resource links below:



About Forcepoint

Forcepoint is the leading user and data protection cybersecurity company, entrusted to safeguard organizations while driving digital transformation and growth. Our solutions adapt in real-time to how people interact with data, providing secure access while enabling employees to create value.