WHAT IS CUI?
Controlled Unclassified Information (CUI) encompasses many different types of sensitive, but not classified, information. Personally identifiable information such as health documents, proprietary material, and information related to legal proceedings would all count as CUI.
WHAT IS DFARS?
DFARS is the Defense Federal Acquisition Regulation Supplement, which lists a minimum set of technology security standards for the basic safeguarding of contractor information systems that process, store, or transmit Federal contract information.
HERE’S AN EXAMPLE:
You own an HVAC business and you’re working on a series of buildings at Fort Meade. The plans and schematics of that system are considered CUI and could be valuable to hackers abroad. Those hackers know the government’s information systems are well protected. They also know that your network is not held to the same standard. They can and will attack your network to obtain that information. DFARS compliance closes the loophole in the eyes of the Feds.
HOW TO BECOME DFARS COMPLIANT:
The set of minimum cybersecurity standards is described in NIST Special Publication 800-171 and broken down into fourteen areas: