Should DFARS Compliance be treated differently than every other compliance assessment? No.

By John Kipp, COO Sera-Brynn

DFARS 7012 is one of numerous compliance criteria Sera-Brynn assesses for clients across the country. Those clients include manufacturing, ship repair, logistics, technology development, extremely large consulting firms, and more. As with industry-specific compliance criteria in other market verticals, we employ the full technical breadth of our security engineers to assist them in meeting and maintaining mandatory cybersecurity compliance criteria. The same team of engineers that can track down and recover domestic funds stolen from a financial institution in the US and sent to a foreign bank account can perform the necessary security tests to meet the intent of DFARS compliance criteria.

DFARS, however, is somewhat unique among compliance mandates in that it is not necessarily approached as a risk transfer activity. That is a disservice, and a liability, to the companies needing assistance.

Compliance advisory services inherently imply a transfer of risk. This is no less true for DFARS 7012 compliance.

Regulatory compliance is not becoming less complex, and it definitely isn’t slowing down. There are numerous other regulatory compliance criteria on the horizon, some international in scope, some federally mandated and others enacted at the state level, that will directly affect dissimilar industry verticals throughout the marketplace.

If companies decide to employ outside help to meet and demonstrate conformance with mandatory cybersecurity regulatory requirements, the advisory firm should assume some of the risk to warrant the path to compliance. Otherwise, what’s the point?

This is the standard across all other compliance advisory services. When a large retailer needs to assess its PCI-DSS 3.2 controls, it doesn’t turn to another large retailer for assistance; it commissions the support of a PCI Qualified Security Assessor.

Back to DFARS – true, we are not a defense contractor, and we will never be a competitor in the DoD space. However, our team does have vast experience with government/DoD contracting. The bulk of our team (and all senior leadership) has prior military and defense contracting experience at various levels from on-site client support to managing multi-million dollar contracts and entire programs.

In addition to our global audit and advisory services across a multitude of cybersecurity compliance criteria, we are uniquely positioned to understand the defense contracting environment very well and solve the challenges of meeting DFARS 7012 compliance specifically.

About Sera-Brynn

Sera-Brynn is a leading global cybersecurity audit and advisory firm. Founded in 2011 by former members of the U.S. intelligence community, Sera-Brynn is ranked #10 worldwide on the Cybersecurity 500 list and supports government contracting clients across the United States.