DFARS compliance is mandatory for all DoD contractors as of December 31, 2017. DFARS clause 252.204-7008 addresses requirements for safeguarding covered defense information controls in government contractor systems. Covered defense information is a broad term for Controlled Unclassified Information (CUI), which has protection and dissemination requirements. This kind of data is common among DoD contractors and this requirement applies to all contractors regardless of their size. These mandatory controls are detailed in the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171: Protecting Controlled Unclassified Information in Non-Federal Information Systems and Organizations. Meanwhile, the General Services Administration has proposed a rule to require civilian contractors to implement the NIST framework. It is expected that all contractors will need to be compliant to protect sensitive financial and personal information.
There are 109 controls in the NIST Special Publication and 19 of them pertain to data storage, data management, data sanitization, encryption, key management, access control, and audit accountability. The SDP2 platform delivers high performance shared storage with FIPS 140-2 Certified key orchestration and data encryption. SDP2 is a drop-in solution you can use to host any virtualized infrastructure, application or file shares without a change to your current workflow.