
Meet DFARS compliance requirements

UserLock and FileAudit support the access control, authentication and file auditing requirements that DFARS inherits from NIST SP 800-171.

The Defense Federal Acquisition Regulation Supplement (DFARS) is a broad set of rules organizations must comply with if they are contractors or sub-contractors in the U.S. defense industrial base (DIB) and handle controlled unclassified information (CUI).

Launched in 2016, it was prompted by the realization that a weakness in one contractor's network security or data handling could affect the whole supply chain. Securing organizations individually was no longer enough; to be effective, every supplier in the supply chain had to meet the same common standards.

Today, DFARS is a set of mandatory requirements that organizations in the DIB must abide by at a contractual level. Although cybersecurity is not its whole focus, it has become an increasingly important element through clause 252.204-7012, which requires contractors to implement the security requirements of NIST SP 800-171 revision 2 on any covered contractor information system. The same clause also requires cyber incidents affecting covered defense information to be reported to the DoD within 72 hours of discovery, which is one reason reliable logging matters in practice.

The larger significance of clause 252.204-7012 for cybersecurity is that it replaced a patchwork of regulations, giving contractors one set of rules to abide by.

How UserLock and FileAudit support DFARS requirements in on-premises networks

In terms of meeting DFARS requirements, UserLock and FileAudit tackle different parts of the same on-premises access control problem.

UserLock is an identity and access management (IAM) solution designed to control who can log on to the network, from where, and when.

FileAudit, by contrast, is file auditing software that monitors which files and folders Active Directory (AD) users access, and what they do with that access.

How UserLock helps with DFARS

The NIST SP 800-171 element of DFARS is a maze of overlapping requirements (revision 2 lists 110 requirements across 14 families), but for user accounts its basic principle is that organizations must control, authenticate, log and audit how those accounts access CUI. The families most relevant here are Access Control (3.1), Audit and Accountability (3.3) and Identification and Authentication (3.5).

UserLock is a good fit for these requirements, offering a suite of user control and monitoring features that implement the principles underpinning DFARS:

  • Enforces and logs context-aware access controls by Active Directory (AD) user, group, or organizational unit (OU). IT can restrict logons by IP address, machine, time, and location.
  • Makes it easy to enable multi-factor authentication (MFA) for AD accounts, including for remote connections, and to enable on-premises single sign-on (SSO).
  • Limits concurrent sessions so the same account cannot be logged on from two machines at once; a second simultaneous logon is a common sign of shared or stolen credentials.
  • Supports least privilege by requiring MFA on User Account Control (UAC) elevation prompts, adding a further check on the privileged accounts that attackers target most.
  • Alerts administrators on unusual access.

How FileAudit helps with DFARS

The file auditing requirements in DFARS come from NIST SP 800-171, principally the Audit and Accountability family (3.3). FileAudit helps contractors meet these requirements by:

  • Helping restrict CUI to authorized individuals by recording who accessed which files, when, and from where.
  • Generating and retaining tamper-resistant logs of user activity that record the user identity, timestamp, and the read, write and delete operations performed.
  • Alerting administrators when unusual file access patterns are detected, such as mass copying or deletion.
  • Monitoring both on-premises file servers and cloud platforms such as OneDrive for Business, SharePoint Online, Google Drive, Dropbox Business, and Box.
  • Storing logs to meet long-term data retention requirements.
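Two of the controls above, the concurrent session limit in the UserLock list and the mass-deletion alert in the FileAudit list, are detections that can be reasoned about independently of any product. The following is an added example written for this page, not UserLock or FileAudit code and not their log format: it runs both checks over a handful of constructed audit events. The event dicts, the hosts, user names and file paths, and the loose mapping to Windows Security event IDs 4624 (logon), 4634 (logoff) and 4663 (object access) are all assumptions made for the example.

```python
"""Added example (not UserLock or FileAudit code): two detections over
constructed Windows-style audit events, showing the logic behind the
concurrent-session limit and the mass-deletion alert described above.

Assumptions: events are already parsed into dicts; "id" loosely follows
Windows Security event IDs 4624 (logon), 4634 (logoff) and 4663 (object
access), but every record below is constructed for this example.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (ISO 8601 timestamps, so string order == time order).
EVENTS = [
    {"time": "2024-03-01T08:00:00", "id": 4624, "user": "jdoe", "host": "WS01"},
    # jdoe logs on to a second workstation while the WS01 session is still open
    {"time": "2024-03-01T08:05:00", "id": 4624, "user": "jdoe", "host": "WS07"},
    {"time": "2024-03-01T08:30:00", "id": 4634, "user": "jdoe", "host": "WS01"},
    {"time": "2024-03-01T09:00:00", "id": 4624, "user": "asmith", "host": "WS03"},
    # asmith deletes two files half an hour apart: normal activity
    {"time": "2024-03-01T09:10:00", "id": 4663, "user": "asmith", "host": "WS03",
     "access": "DELETE", "object": r"\\FS01\CUI\old-draft.docx"},
    {"time": "2024-03-01T09:40:00", "id": 4663, "user": "asmith", "host": "WS03",
     "access": "DELETE", "object": r"\\FS01\CUI\notes.txt"},
]
# jdoe deletes six CUI files within one minute from the second workstation
EVENTS += [
    {"time": f"2024-03-01T08:06:{sec:02d}", "id": 4663, "user": "jdoe", "host": "WS07",
     "access": "DELETE", "object": rf"\\FS01\CUI\file{i}.docx"}
    for i, sec in enumerate(range(0, 60, 10))
]


def concurrent_sessions(events):
    """Flag a logon to a second host while the user's session on another
    host is still open. Returns (user, existing_host, new_host, time)."""
    active = defaultdict(set)  # user -> hosts with an open session
    findings = []
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["id"] == 4624:
            for other in sorted(active[ev["user"]]):
                if other != ev["host"]:  # a reconnect to the same host is fine
                    findings.append((ev["user"], other, ev["host"], ev["time"]))
            active[ev["user"]].add(ev["host"])
        elif ev["id"] == 4634:
            active[ev["user"]].discard(ev["host"])
    return findings


def mass_deletions(events, threshold=5, window=timedelta(minutes=2)):
    """Flag any user whose DELETE events within a sliding window reach the
    threshold. Returns {user: (count, window_start, trigger_time)} with the
    first alert per user, so one burst does not page the admin repeatedly."""
    recent = defaultdict(deque)  # user -> timestamps of deletions in the window
    findings = {}
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["id"] != 4663 or ev.get("access") != "DELETE":
            continue
        now = datetime.fromisoformat(ev["time"])
        q = recent[ev["user"]]
        q.append(now)
        while now - q[0] > window:  # drop deletions that fell out of the window
            q.popleft()
        if len(q) >= threshold and ev["user"] not in findings:
            findings[ev["user"]] = (len(q), q[0].isoformat(), now.isoformat())
    return findings


if __name__ == "__main__":
    for user, old, new, when in concurrent_sessions(EVENTS):
        print(f"ALERT concurrent session: {user} on {old} and {new} at {when}")
    for user, (count, start, end) in mass_deletions(EVENTS).items():
        print(f"ALERT mass deletion: {user} deleted {count} files between {start} and {end}")
```

Run stand-alone it reports one concurrent-session alert for jdoe (WS01 and WS07) and one mass-deletion alert for jdoe (five files in forty seconds), while asmith's two deletions half an hour apart stay below the threshold. The sliding window and the once-per-user alert are the parts worth copying: a fixed-interval count misses a burst that straddles the boundary, and alerting on every event past the threshold turns one incident into a flood of pages.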

Keep DFARS compliance simple

Frameworks such as DFARS, CMMC 2.0 and NIST SP 800-171 have added a great deal of compliance work for organizations in the defense industrial base. While the precise demands of each vary, over the next decade they will almost certainly continue to tighten, making detailed, documented compliance a business necessity.

For DFARS, contractors must ensure that their current and future technology aligns as far as possible with its demands.

UserLock and FileAudit offer a firm foundation for achieving DFARS compliance, enforcing basic principles of careful access control, user authentication and logging, and rapid and clear alerting when unusual access or anomalies are detected.