Cybersecurity compliance requirements for contractors (e.g., FISMA¹ and DFARS 252.204-7012²) are not always clearly defined or consistently applied. Requirements often depend on a number of factors, including the agency data/systems being used, contractor services being provided, and contracting processes.
While compliance may prove to be challenging, noncompliance increases the risk of data being lost or improperly disclosed, leading to reputation damage, loss of contracts/business, regulatory penalties, legal actions, or preclusion from bidding on future contracts.
“Cybersecurity is a fundamental business issue, not a technical issue.”
¹ Federal Information Security Management Act
² Defense Federal Acquisition Regulation Supplement