Being awarded a DoD contract can be extremely lucrative. Defense contractors can rely on a steady stream of revenue and position themselves as an integral link in the defense supply chain. However, there are many hoops to jump through when working with the government, and they put the burden of learning how to jump on you.
With the DoD, they put a lot of information into your contract, but what you might not have realized is that you are expected to uphold the DFARS or Defense Federal Acquisition Regulation Supplement as well. It's on your company to educate yourselves on the DFARS and conduct business according to both it and your contract. This understanding is commonly referred to as the Christian Doctrine.
What is the Christian Doctrine?
The decision in G.L. Christian & Associates v. United States in 1963 to deny G.L Christian anticipated profits from a terminated contract and rely on the termination for convenience clause in the FAR created the Christian doctrine. The court held that certain clauses are so integral to public procurements that they are deemed incorporated by operation of law, even if they are omitted from the contract. Since that integral case set this precedent, it was named for G.L Christian.
What does this mean for your business?
Basically, you should take a long hard look at the DFARS and ensure that you are operating in compliance with it. An area that we see overlooked time and time again is DFARS 7012. DFARS 7012 refers to which places you are allowed to store data, how you report a data breach, and sets the minimum baseline for security as the NIST SP 800-171 standard. If you experienced a data breach and were not at meeting the NIST SP 800-171 standard for security, the government could sue you for three times the amount of your contract for every instance of data exposure (which could be countless). Suddenly that career-changing contract could be closing your business for good.
We are experts in NIST SP 800-171 compliance. We can help educate you on what you need to do, help patch any gaps in your existing cybersecurity, and bring you up to the level of compliance required-protecting you and our defense supply chain. You can schedule a call today to learn more.
Bonus Tip: Prepare for the new cybersecurity standard, the CMMC.
The CMMC, or Cybersecurity Maturity Model Certification, has been introduced into the DFARS. Though it is not a requirement yet, you will be required to obtain this certification before a Government contract can even be awarded. The CMMC Advisory Board has stated that the time to begin preparing for the CMMC audit is now. We have already completed the first round of training on the CMMC requirements and are ready to help your business prepare.