Federal Compliance

DFARSSera-Brynn provides expert cybersecurity compliance analysts to assess your information systems and cybersecurity program against the requirements specified in DFARS 252.204-7012 and NIST SP 800-171.

This may include:

  • Conducting an in-depth technical review of your environment
  • Mapping existing security plans and technologies to NIST 800-171
  • Creating customized policies as required
  • Identifying required solutions or procedural changes
  • Developing required documentation to comply with DFARS 252.204-7012 (SSP and POAM)

Each environment is unique. There is no and cannot be a cookie cutter approach to how your environment meets DoD requirements. Sera-Brynn has years of technical expertise to help you meet compliance.

Our goal is to provide you a way ahead which has the least impact on your business and the least impact on your bottom line.

The assessment and consulting services offered are described to align with:

  • NIST SP 800-171 (Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations)
  • FAR 52.204-21 (Basic Safeguarding of Covered Contractor Information Systems)
  • DFARS 252.204-7008 (Compliance with Safeguarding Covered Defense Information Controls)
  • DFARS 252.204-7012 (Safeguarding Covered Defense Information and Cyber Incident Reporting)
  • DFARS 252.239-7009 (Representation of Use of Cloud Computing)


Assess, advise on, document, and validate your DFARS compliance.

Description of Services.

1. Kick-off. Sera-Brynn will provide a Letter of Engagement and schedule a kick-off meeting. During the kick-off meeting, Sera-Brynn experts will discuss you and your team, the scope of the engagement, identify key personnel, discuss information sharing methods and ‘rules of engagement’, and schedule subsequent appointments.

2. Information gathering. Sera-Brynn will review your organizational documentation, IT systems configurations, cybersecurity policies and procedures, as well as the results of risk assessments and vulnerability scans. This information gathering phase will provide a baseline understanding of your information systems, architecture, and CUI management.

3. NIST SP 800-171 mapping. Sera-Brynn will map existing plans, procedures, and technologies to NIST SP 800-171 security controls, perform a gap analysis, and advise on system improvements as required.

4. Documentation. Sera-Brynn will develop or update your System Security Plan and Cyber Incident Response Plan to align with DFARS requirements. We will also develop cybersecurity policy documentation as required/requested. Examples include: Acceptable Use, Access Control, Backup, Change Management, Configuration Management, Maintenance, Data/Document Retention, Mobile Device Management, Media Protection, Patch and Vulnerability Management, Physical Security, and Telework.

5. Plan of Action and Milestones. Sera-Brynn will develop a Plan of Action and Milestones, and in collaboration with you and your team, identify and assign tasks to be completed to implement any outstanding security controls.

6. Final Report and Outbrief. Sera-Brynn will provide a Compliance Summary Report and present a final outbrief. During the outbrief, Sera-Brynn will review the results of the engagement and the POA&M and address any remaining issues.

This service can be tailored to fit your needs – it’s not one size fits all.

We’ve been helping clients with Federal and DoD compliance since 2015. Not ready for a conversation? Learn more about NIST SP 800-171 and DFARS 252-204-7012 by reviewing our archives, or download our latest white paper.

The 2019 DFARS Glossary: Cybersecurity Acronyms for Government Contractors