The DOD launched DFARS — the Defense Federal Acquisition Regulations System — in 2015 to help ensure that its contractors took the measures needed to protect sensitive data from cybersecurity attacks.

Even with CMMC 2.0 looming in the near future, DFARS is still relevant.

What is DFARS?

The U.S. Department of Defense (DOD) released DFARS Clause 252.204-7012 in 2015, establishing for the first time new cybersecurity requirements for supply chain contractors and organizations in the Defense Industrial Base (DIB).

The new DFARS clause:

  • Aligns with NIST SP 800-171’s 110 cybersecurity controls
  • Was first introduced as a voluntary requirement; today it is mandatory
  • As of 2019, many contractors still were not compliant, leading to the development and release of CMMC 2.0
  • DFARS Clause 252.204-7012 can be found in over one million prime and subcontracts today

What’s the difference between DFARS and CMMC?

Between 2019 and 2021, the DOD released and subsequently revised CMMC to augment and eventually replace DFARS. There are similarities and differences.


  • Both created to protect CUI/other sensitive data
  • Both align with NIST 800-171 controls


  • DFARS allows self-assessment; CMMC 2.0 requires third party
  • DFARS is not tiered; CMMC defines 3 compliance levels

Do you need both

Both DFARS and CMMC are relevant. DFARS Clause 252.204-7012 currently is included as mandatory in many if not most DOD RFIs, RFQs and RFPs, and CMMC 2.0 is expected to become mandatory by mid-2023.

The solution:

Focusing on NIST 800-171 compliance will cover both DFARS 252.204-7012 and CMMC 2.0.

Additional Services

CMMC 2.0

An overview of upcoming CMMC 2.0 requirements

NIST 800-171

The standards that form the basis for DFARS/CMMC

Managed Services

Experts to ensure ongoing compliance and data protection

Assessment Services

Establish where you are and what you actually need

Every solution begins with a conversation.

Contact us today for a no-obligation discussion of CMMC 2.0 compliance, what's required, what you may need and what we can do to provide it. We've helped hundreds of DOD contractors. We can help you.