CyberSheath Report Finds Defense Contractors Not Compliant With DFARS Cybersecurity Requirements

A report from a cybersecurity firm found that a majority of defense contractors are failing to meet the cybersecurity requirements set in the Defense Federal Acquisition Regulation Supplement.

According to CyberSheath’s report, most of the defense contractors surveyed lack critical components to their cybersecurity infrastructures. Around 73 percent failed to implement an endpoint detection system and response solution while 79 percent did not have a multi-factor authentication system.

CyberSheath surveyed 300 individuals in defense industrial base companies that have DFARS obligations, are responsible for cybersecurity and are actively seeking Cybersecurity Maturity Model Certification compliance, FCW reported Thursday.

Eric Noonan, CEO of CyberSheath, said the lapses in the DIB’s cybersecurity measures pose a risk to national security as it leaves military secrets unprotected. Noonan added that DIB entities fail to meet basic cybersecurity requirements.

The company’s report also found that 87 percent of defense contractors are failing to meet many of the DFARS requirements and lack vulnerability management solutions and security information and event management resources. These companies score below 70 on the Supplier Performance Risk System.

Over 80 percent of the companies surveyed also said they were having difficulties understanding the government’s cybersecurity regulations.

The CyberShield report comes as defense contractors prepare to meet CMMC compliance requirements. CMMC is designed to protect sensitive information and intellectual property that are maintained by the DIB.

CMMC implementation is expected to start in 2023 and could be fully implemented in 2025, according to Kelser Corp.

Sign Up Now! Potomac Officers Club provides you with Daily Updates and News Briefings about Cybersecurity

Join Us Now