DFARS compliance can be an intimidating goal for an organization. Figuring out where to start, what is required, and how much it’s going to cost to assess DFARS compliance are just a few of the things that companies are trying to understand. We’ve explored the Defense Federal Acquisition Regulation Supplement (DFARS) in another post already, so let’s take a look at what this is going to cost your organization.
Cost to Assess DFARS Compliance
The first step in becoming DFARS compliant is to determine the areas where you are currently not in compliance. A Gap Analysis can be done with an interview-driven process that cross-references your firm’s current security posture against the NIST standards that drive DFARS compliance. This gap analysis starts at $6,000 and varies depending on the size of your firm and your interaction with CDI. Generally, the larger the firm, the more interviews are required in order to get the proper resources to address the specific controls in question.
What other factors will drive the cost of being DFARS compliant?
In addition to the Gap Analysis, the largest drivers of cost include Policy Development and Security Awareness Training.
Policy development starts at $3,000 and can increase depending on whether your firm already has policies in place or needs a brand-new set of policies drafted from scratch. Having proper policies in place is one of the easiest ways to boost DFARS compliance, as a large portion of the requirements are centered around proper policies.
Annual security awareness training is required by DFARS and is also a best practice for improving and maintaining your firm’s security posture. Awareness training starts at $1,000 and acts as an interactive way for your employees to be aware of and engaged in your security program. The cost can increase if more than one session is required or if there are any special requests for the training program.