What to do if you have received a DFARS Questionnaire from your Contractor?

Lockheed Martin released New Standards for Complying to Department of Defense (DoD) Specifications. This analysis focuses on their distribution chain and vendors. It provides valuable insight into the compliance process that significant military contractors are doing to keep their DoD contracts. This procedure is critical not just for bigger subcontractors but also for supply chain participants. To acquire contracts, those generating DoD-related income of any amount, or those who aspire to create such profits in the future, must be complying with DFARS.

In the end, it’s a rule that offers an organization an advantage over the competitors because those who win agreements will be required to comply if they aren’t already. Thus, DoD contractors should hire DFARS consultant Virginia Beach as soon as possible.

Lockheed provided numerous thought-provoking, and insightful responses to frequently asked issues, particularly those relating to surveys issued down the supply chain by prime contractors. The topic of whether answering this form is enough to adhere to or merely a way for these larger vendors to start the compliance procedure was discussed.

Is it necessary for a supplier to report Lockheed Martin of their cyber DFARS clause 252.204-7012 level of compliance?

Suppose a vendor fails to comply with the NIST cybersecurity measures stated in the cybersecurity DFARS section 252.204-7012. In that case, the supplier shall notify the DoD CIO office of the non-adherence within 30 days after the award of agreement with LMC. Lockheed Martin must be copied on the DoD letter by the authorized purchasing representative named in the lease or purchase order.

What are the obligations for suppliers in terms of an incident report?

A vendor must disclose an occurrence to Lockheed Martin, Buyer, or Subcontract Administrator (SCA)) and the DoD via the DFAR recommended site within three days of discovery. LM Vendor cybersecurity incident notifications must be promptly reported to the LM CIRT by SPMs, purchasers, and/or SCAs. Let’s remember that the cyber disaster reporting obligations connected with this cyber DFARS provision are in addition to any extra disclosure laws included in the Lockheed Martin-supplier contract.

What distinguishes Lockheed Martin’s cybersecurity questionnaire from the activities mandated by cyber DFARS clause 252.204-7012?

Exostar’s DFARS Cybersecurity survey is designed to get a high-level knowledge of a supplier’s capacity to safeguard sensitive data and handle vulnerabilities. To be clear, completing all of the tasks described in the questionnaire does not meet the cyber DFARS section 252.204-7012 criteria. Suppliers who store or handle CDI are accountable for ensuring that their systems meet the criteria established in cyber DFARS section 252.204-7012.”

So, although a questionnaire itself won’t get you adhering, investing in hours of counseling and contracting to a third party may be too expensive or inefficient for businesses looking for a quick fix in-house. You’ll be up to date if you do DFARS in-house since you’ll have to submit or verify adherence for your new agreements on a regular basis, and to possess that data with evidence that indicates your status is a significant benefit.