DFARS compliance

Can I use Encyro to store data subject to Defense Federal Acquisition Regulation Supplement (DFARS) compliance, or data security regulations subject to defense contracts, or related government data?

The requirements of DFARS compliance vary depending on the security level required, which depends on the sensitivity of data being secured.

If only encryption is needed (both for data at rest and for data in transit) Encyro Essentials membership (Free) provides that. However most DFARS compliance levels do require audit trails and so Encyro Pro is required.

Even Encyro Pro does not meet all levels of DFARS compliance. For certain types of data, it must be stored in a data center used only for government data. Encyro can provide a custom quote for you if this need applies to you. We will need to verify that your organization qualifies for hosting in the government-specific data center. To get started, please contact us for a quote. Our price is very likely to be much lower than the alternatives.

Resources

Many organizations are subject to DFARS compliance because they handle Controlled Unclassified Information (CUI). For these situations, the NIST provides a Security Systems Plan (SSP) template and a Plan of Action and Milestones (POA&M) template. Preparing these two documents using the templates linked above will help you demonstrate your organization’s compliance with DFARS for handling CUI. In situations where the government agency or the defense contractor you are serving requires you to obtain third party certification of your compliance, these two documents will both prepare you for the requirements and speed up the certification related audits.