
Rackspace Government Solutions and DFARS Compliance
In 2015, the Department of Defense (DoD) passed a set of safeguarding rules and clauses, under the existing Defense Federal Acquisition Regulation Supplement (DFARS). These standards specify security controls for contractor information systems that handle Controlled Defense Information (CDI) — at both the contractor and subcontractor levels.
These security controls are based on National Institute for Standards and Technology (NIST) standards, detailed in NIST publication 800-171.
DFARS requires non-federal organizations who render services to the DoD or host DoD applications to complete a CDI assessment and report findings to the DoD Chief Information Officer within 30 days of any DoD contract.