Meet DFARS compliance requirements

The Defense Federal Acquisition Regulation Supplement (DFARS) is a broad set of rules organizations must comply with if they are contractors or sub-contractors in the U.S. defense industrial base (DIB) and handle controlled unclassified information (CUI).

Launched in 2016, it was prompted by the realization that the weakness of one contractor in securing its networks or handling sensitive data could impact across the supply chain. Securing organizations individually was no longer enough; to be effective, every supplier in the supply chain had to meet the same common standards.

Today, DFARS works as mandatory requirements organizations must abide by at a contractual level as part of the DIB. Although cybersecurity is not its whole focus, this has become an increasingly important element through clause 252.204-7012. This requires alignment with the controls set out in NIST SP 800-171 revision 2 as its guiding cybersecurity principle.

The larger significance of clause 252.204-7012 for cybersecurity is that it replaced a patchwork of regulations, giving contractors one set of rules to abide by.

In terms of meeting DFARS requirements, UserLock and FileAudit tackle different parts of the same on-premises access control problem.

UserLock is an identity and access management (IAM) solution designed to control who is accessing the network during login.

FileAudit, by contrast, is a file auditing software that monitors what files and folders AD users access, and what they do with that access.

The NIST SP 800-171 element of DFARS is a maze of overlapping requirements but its basic principles are that organizations implement a way to control, authenticate, log and audit the way user accounts access CUI.

UserLock is a good fit for these requirements, offering a suite of user control and monitoring features that implement the principles underpinning DFARS:

• Enforcing and logging strong context-based access controls by Active Directory (AD) user, group, or OU (organizational unit). IT can control access by IP address, machine, time, and location.

  

• Makes it easy to enable Active Directory multi-factor authentication (MFA), including for remote connections and to enable on-premise single sign-on (SSO).  

  

• Tames the problem of concurrent login limits to ensure two machines can't access the same user account at the same time, which is a clear security risk.

  

• Enforcing least privilege with MFA on UAC prompts, adding an extra layer of security on the high-risk privileged accounts often targeted by criminals.

  

• Alerting admins on unusual access.

  

The requirement for file auditing in DFARS relates to NIST SP 800-171. FileAudit ensures contractors meet these requirements by:

• Limiting access to CUI to authorized individuals, monitoring who accessed which files, when, and from where.

  

• Generating and tamper-resistant retaining logs of user activity covering a range of access events such as user identity, timestamp, read, write and delete activity.

• Sending alerts to admins if unusual file access patterns are detected, such as mass copying or deletion.

  

• Monitoring everything, including cloud platforms such as OneDrive for Business, SharePoint Online, Google Drive, Dropbox Business, and Box.

  

• Storing logs to meet long-term data retention requirements.