Contracts with the federal government are a major source of business for many companies. Unfortunately, many businesses miss out on these contracts because they cannot demonstrate adequate cybersecurity compliance, which is required not only of Tier 1 suppliers but also of many of their subcontractors down the line who may be supplying parts or handling sensitive information.
FAR 52.204.21 lists fifteen requirements that all contractors must meet in order to work with the federal government. These requirements are designed to protect Controlled Unclassified Information (CUI), which includes many contracts, financial statements, and design specs that the contractor may handle over the course of their project.
These requirements are closely linked to those of NIST 800-171 and provide a good first step toward broader DFARS/NIST compliance.
Even if your company does not currently contract with the federal government, being able to demonstrate FAR 52.204.21 compliance puts you in a position to accept contracts in the future, even on short notice. More importantly, the guidelines follow best practices for cybersecurity and are therefore useful to any company that wants to strengthen its cybersecurity policies.