GRC Case Study: Defense Contractor meets DFARS Compliance NIST 800-171


How do large defense contractors address the requirements of the Defense Federal Acquisition Regulation Supplement, known as DFARS? According to NIST SP 800-171, any Department of Defense contractor that processes, stores or transmits Controlled Unclassified Information has to achieve the minimum security standards. The DFARS compliance deadline went into effect at the end of 2017, and those who have not made headway will run the risk of losing DOD contracts. This new case study discusses how a defense contractor turned to Rsam for help reaching two primary goals:

  • Standardizing their business processes. 
  • Gaining greater executive level visibility into areas of risk exposure.

Despite their track record of success in delivering end-to-end solutions for collecting, processing and understanding sensor data, they still had significant gaps in several key areas related to governance, risk, and compliance. 

Like many organizations, they had resorted to a manual spreadsheet process for risk assessments, which made it nearly impossible to scale coverage and report on assessment results as they relate to DFARS compliance and other risk initiatives.

The lack of automated reporting capability made it difficult for leadership to get a true picture of the status of risks being tracked, and the vulnerability management team had no mechanism to drive accountability and timely remediation of problems. 

No More Manual Tracking for DFARS Compliance NIST 800-171

Implementing Rsam’s GRC Platform created several quick wins. The organization now has a centralized framework that eliminates process redundancies, removes legal and control coverage guesswork, aligns teams around better work quality, satisfies audit requirements, and accommodates easy onboarding of future regulatory initiatives beyond DFARS compliance without the need for process re-engineering.

The days of manually tracking and reporting with spreadsheets are thankfully behind them.


Download this GRC Case Study

If you’d like to read more, you can download the full case study here

Demonstrations of Rsam’s GRC Platform for DFARS compliance and beyond can be requested at www.rsam.com/demo