January 9, 2019

    DFARS Compliance: Steps to Consider for FTP Hosting Services

    Does your organization need to comply with DFARS (Defense Federal Acquisition Regulation Supplement) regulations? The objective of DFARS is to prevent the United States military from being too dependent on raw materials from foreign countries. Complying with these regulations can seem like a major burden, especially when you’re trying to select contractors and subcontractors.

    An amendment has recently been added to DFARS 252.204-7012 to address how digital information is stored. The clause, Safeguarding Covered Defense Information and Cyber Incident Reporting, outlines standards companies should meet. Essentially, DFARS requires all government contractors and subcontractors to meet National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171 requirements for cybersecurity.



    DFARS 252.204-7012 (b)(2)(D) states “If the Contractor intends to use an external cloud service provider to store, process, or transmit any covered defense information in performance of this contract, the Contractor shall require and ensure that the cloud service provider meets security requirements equivalent to those established by the Government for the Federal Risk and Authorization Management Program (FedRAMP) Moderate baseline …”

    If you’re currently using or considering adopting a cloud service provider, there are specific guidelines that address the security standards for these partnerships. What actions should you take to ensure you’re choosing the best solution to keep you DFARS compliant? Explore these actions to help you select the right cloud file sharing host to partner with.

    Partner with a Compliant Host

    Compliance is crucial, but it doesn’t have to be a burden on your entire IT team or the employees sharing files. When you choose a reliable, DFARS-compliant host, you can be sure that they’ll lessen the burden of compliance for you. Not many file sharing solutions have FedRAMP or DFARS compliance measures built in, so this is the first thing you should look for in a partner. When researching cloud service providers (CSPs), look for one whose standards-based cloud environment and security program meet the same regulatory policies and procedures you must comply with.

    Implementation is a concern that many companies have when adopting new solutions. Selecting and implementing a cloud file sharing solution doesn’t have to be difficult when hosts conduct most of the implementation for you. When you partner with a top cloud-based file sharing solution host, they can have your solution up and running within hours of you making your selection. To ensure the adjustment is quick and simple, choose a file sharing host that is well documented and has training support, so your employees know how to use the solution.

    Selecting the right host has a major impact on your DFARS compliance efforts. Talk to each host you’re considering about their compliance capabilities to ensure you’re choosing the right one. Also, many hosts will offer a free demo or trial which gives you an opportunity to see the benefits in person, so it’s wise to sign up for demos with each option you’re considering.

    Select a Solution with Disaster Recovery

    You can never predict when a disaster might occur, so to maintain DFARS compliance, it’s important to have a secondary standby disaster recovery environment in place. Even if the worst happens, like a major earthquake or some other major disaster, you want to be sure that your data can be recovered and that your service will be interrupted for less than 24 hours. This is essential for maintaining continuity of your organization’s work.

    Talk to the hosts you’re evaluating about their disaster recovery policy and how long it will take to get your solution back up and running if it goes down. You want a solution that is capable of restoring your data to the state it was in at the minute the disaster struck. This way, you can be certain that you’ll never lose data that’s covered by DFARS compliance regulations.

    Engage Configuration Controls

    Not everyone in your organization should have enough access to your file sharing solution to make major configuration changes. Talk to your cloud solution host about the access controls afforded to system administrators. Maintaining control of your data is crucial, so you need to ensure that your solution provider offers the necessary controls to keep administrative access limited to approved individuals.

    Make sure the CSP provides FIPS-approved encryption so you can ensure that your files are protected both in transit and at rest. When data is sent over unprotected channels (like sharing a sensitive document via email), a lack of encryption can allow an attacker to intercept the valuable information. Make sure that the solution you choose prevents users from disabling encryption requirements.

    Educate Your Team

    Your team members probably have even greater influence on data security than your actual file sharing solution does. You could have the most secure file sharing solution in the world, but if your employees don’t know how to use it or how to align with best practices, you still wouldn’t be DFARS compliant. For example, if you have a cloud file sharing solution, yet your employees are still sending sensitive information via email, your data can be compromised.

    There are a couple of steps you can take to ensure your employees are using the solution in an effective and secure way. First, you need to explain why the cloud file sharing solution is a necessity. Noncompliance can come with huge fines for your organization and could put your future as a government contractor or supplier in jeopardy. When your employees understand what is at risk, they’ll be more motivated to comply with regulations.

    Next, you need to create a formal security policy for your organization. This should include guidelines for secure file sharing, secure password requirements, and any other rules with which your team members should comply. You also need to clearly state the consequences of noncompliance, like formal reprimand or termination.

    Your employees are your first line of defense against a data breach, so be sure they are in total alignment with DFARS compliance standards. The expectations outlined in your security policy should be clearly communicated to team members, making them fully aware of the actions they should take on a daily basis to keep data safe.

    To remain DFARS compliant, you need to choose the right file sharing partner. Evaluate your options carefully, and be sure to take these steps. When you do, you can easily comply with DFARS regulations.

    Do you want to learn more about how to ensure your file sharing practices are secure? Explore answers to these commonly asked questions about file sharing. 

    Tag(s): Government

    Martin Horan

    Martin, Sharetru's Founder, brings deep expertise in secure file transfer and IT, driving market niche success through quality IT services.
