DFARS compliance. As a contractor for the federal government, you’ve probably heard the phrase. For those who don’t know, DFARS stands for Defense Federal Acquisition Regulation Supplement. In August 2015, DFARS enacted NIST 800-171, a regulation designed to protect controlled unclassified information (CUI) from being hacked while in the hands of government contractors.
The reality is that IT for DFARS compliance is not too complicated, but it does require intentionality.
DFARS is made up of 14 categories, each with its own set of rules to be followed in order for your business to be considered compliant and secure enough to handle CUI. However, the document can be a little unclear on what the consequences of non-compliance with the NIST 800-171 regulations can include. Let’s clear that up. As a company experienced with IT for DFARS compliance, we can tell you all about the consequences of DFARS non-compliance. That’s part of why high-compliance IT support is so necessary.
Take a look at these six consequences below.
The government contracting world can be extremely competitive. When you submit a proposal and bid for a job, you’re often up against plenty of other worthy competitors. If your company isn’t consistent with DFARS compliance, you’re putting your ability to be considered for these competitive jobs at risk. Without the ability to give your employees work, your business could start circling the drain. Our suggestion to you: get compliant fast.
Think about it from the client’s perspective. You’re one of several companies competing for the job. If you don’t have the best security, why would they pick you when they can choose someone else who has all of your best qualities and excellent security? Becoming DFARS compliant is in your best interest. It keeps you up-to-date with your competitors, and your clients’ information safe.
So, you’ve managed to get the job even though you’re not DFARS compliant. Or, more likely, you’ve gotten the job because you can say you’re DFARS compliant, but your security just isn’t that amazing. Let’s be honest. It’s barely compliant.
In situations like this, you’re leaving yourself open to horrible performance reviews that can tank your business worse than proposal exclusion. Now that the client has started working with you, they aren’t happy with your levels of security – and if you don’t shape up soon, you’re out.
But the worst part of adverse performance reviews is that they make it harder for you to get the next job.
Speaking of getting the next job, without DFARS compliance, you could be fired from this one. For those who may not know, termination for default is when the Government exercises its right to completely or partially terminate a contract because the contractor failed to uphold its contractual obligations—in this case, DFARS NIST compliance.
Because NIST was first introduced in 2015, and has been enforceable since 2017, nearly all government contractors are required to uphold NIST compliance in their contracts. If you’re currently working a government job and aren’t following the latest security regulations, take another look at your contract. You’re probably carrying out a pretty serious breach of contract.
Criminal fraud. It’s not a phrase that any government contractor wants to hear when it comes to their business. But it can occur if a contractor claims to be DFARS NIST compliant but isn’t. However, this can only occur if the contractor knows the business is not DFARS compliant but represents it as though it is.
When criminal fraud occurs, you can face some serious jail time—anywhere from one to ten years. The variation depends on the scale of the crime and the discretion of the judge. Don’t risk jail time for criminal fraud. Make sure your company is DFARS and NIST compliant.
The False Claims Act is another approach to fraudulent government contractors who attempt to pass off their business as DFARS and NIST compliant. The act is also known as the “Lincoln Law,” and if you do get dragged into court for fraud, you’ll probably begin to learn a lot about it. It’s the government’s primary litigation tool against contractual fraud.
The False Claims Act includes a provision that allows whistleblowers – those not related to the government – to accuse contractors of serious transgressions and file actions on behalf of the government. This occurs quite often and is the main way to trigger the False Claims Act.
Instead of jail time, being on the losing end of a False Claims Act action results in huge monetary fines. These fines range from $5,000 to $11,000 per claim. They can add up very fast and result in huge financial struggles for your business.
Breach of contract lawsuits affect subcontractors as well as contractors and can result in both fines and jail time. This is very similar to termination for default, as both can be brought to bear for failure to uphold a contract. However, rather than the contractor just losing the job, the government can attempt to recoup its financial costs or enforce the terms of the contract.
While this doesn’t result in jail time, the financial recoveries are often quite expensive, and that’s not even considering the cost of the lawsuit itself. On top of the financial consequences, consider the damage to your reputation when a public lawsuit is brought against you. Whether you win or lose, your reputation will still be tarnished and you’ll find it exponentially harder to continue winning contracts.
These consequences are no joke. They can directly affect the livelihood of your business, and therefore the lives of your employees and their families. On top of the consequences, if you want your business to become the best, DFARS compliance is a great first step. Make your clients feel secure in your IT network security. Once they know that their CUI is in safe hands, you’ll have a competitive edge.
With Swift Systems’ support, you’ll get IT you and your government clients can count on. Don’t wait until it’s too late and you find yourself face to face with the consequences. If you want to become DFARS compliant, contact Swift Systems today.