• SecurePath for Auto Dealers
  • Services
    • SOC Reporting Services
      • SOC 2® Readiness Assessment
      • SOC 2® Reports
      • SOC 3® Reports
      • SOC for Cybersecurity® Reports
    • IT Advisory Services
      • IT Vulnerability Assessment
      • Network Penetration Testing
      • Privileged Access Management
      • Social Engineering Testing
      • Virtual CISO (vCISO)
      • Written Information Security Program (“WISP”)
      • IT General Controls Audit & Compliance
    • IT Government Compliance
      • CMMC Cybersecurity Services & Compliance
      • DFARS Compliance
      • FTC Safeguards Compliance
  • Industries
    • Financial Services
    • Government
    • Auto Dealerships
    • Enterprise
  • Blog
  • About Us
    • Meet The Team
    • Jobs
  • Contact Us

Call us today! 844-OCD-TECH

Find our Location
OCD TechOCD Tech
  • SecurePath for Auto Dealers
  • Services
    • SOC Reporting Services
      • SOC 2® Readiness Assessment
      • SOC 2® Reports
      • SOC 3® Reports
      • SOC for Cybersecurity® Reports
    • IT Advisory Services
      • IT Vulnerability Assessment
      • Network Penetration Testing
      • Privileged Access Management
      • Social Engineering Testing
      • Virtual CISO (vCISO)
      • Written Information Security Program (“WISP”)
      • IT General Controls Audit & Compliance
    • IT Government Compliance
      • CMMC Cybersecurity Services & Compliance
      • DFARS Compliance
      • FTC Safeguards Compliance
  • Industries
    • Financial Services
    • Government
    • Auto Dealerships
    • Enterprise
  • Blog
  • About Us
    • Meet The Team
    • Jobs
  • Contact Us
Don’t Let the Cloud Rain on Your DFARS Compliance

Don’t Let the Cloud Rain on Your DFARS Compliance

June 19, 2018 Posted by Nick DeLena IT Security

Cloud computing has become ubiquitous in how we operate our businesses day to day. The benefits are overwhelming; virtually no capex is required to stand up enterprise-quality back-office services or customer-facing products and services. This low barrier to entry has been a boon to R&D organizations, encouraging experimentation and development from businesses of all sizes. Many companies use services like Office365 or Google’s GSuite for email, productivity, and collaboration, Dropbox for file sharing, Carbonite for backup, and on and on. These are all fantastic products that have helped all of us ramp up our productivity.

However, if you are a defense contractor subject to DFARS 252.204-7012, you must be very careful in your use of cloud services.

DFARS clause 252.204-7012, Safeguarding Covered Defense Information and Cyber Incident Reporting, provides specifics on how to handle cloud service organizations. In section (b)(2)(D), it is stated that: “*If the Contractor intends to use an external cloud service provider to store, process, or transmit any covered defense information in performance of this contract, the Contractor shall require and ensure that the cloud service provider meets security requirements equivalent to those established by the Government for the Federal Risk and Authorization Management Program (FedRAMP) Moderate baseline*”

Many companies have interpreted this to mean they can casually assess the security of their prospective vendor and make the judgment themselves. However, the FedRAMP Moderate baseline is a very stringent standard which contains 325 security control requirements. How can you, as a defense contractor, assess Dropbox against this standard? In addition, companies like Dropbox have the freedom to pursue FedRAMP authorization themselves.

The safest way to ensure your cloud service provider meets the FedRAMP Moderate baseline is to select your vendor from the FedRAMP-authorized list at FedRAMP.gov.

Don’t jeopardize your contract by trusting your cloud service provider with CDI when their security might not be up to par.

OCD Tech, a Division of O’Connor & Drew, P.C., is a leading provider of DFARS cybersecurity services. Please contact us with any questions you might have with your compliance needs.

Share
1
Avatar photo

About Nick DeLena

Nick leads engagements across the division’s primary practice areas, including audit, security, and advisory services. He’s a 19-year veteran of IT and IT risk management, having audited, consulted, and managed IT teams in a variety of industries. He holds several leading certifications, including CISSP, CISA, CRISC, and Security+, among others, and has an MBA from Brown University.

You also might be interested in

OCDTECH.PENTESTASSESSMENT

Why Your Company Should Invest in a Pentest Assessment?

Jul 6, 2023

In today’s digital age, cybersecurity is of utmost importance for[...]

Understanding botnets

Understanding botnets

Jan 4, 2018

What is a botnet? The term “botnet” refers to a[...]

Identity Management Day OCD Tech

Identity Management Day

Apr 11, 2023

Identity Management Day aims to inform about the dangers of[...]

Find us on

Contact Us

We're not around right now. But you can send us an email and we'll get back to you, asap.

Send Message
OCD Tech logo Audit. Security. Assurance.

IT Audit | Cybersecurity | IT Assurance | IT Security Consultants – OCD Tech is a technology consulting firm serving the IT security and consulting needs of businesses in Boston (MA), Braintree (MA) and across New England. We primarily serve Fortune 500 companies including auto dealers, financial institutions, higher education, government contractors, and not-for-profit organizations with SOC 2 reporting, CMMC readiness, IT Security Audits, Penetration Testing and Vulnerability Assessments. We also provide dark web monitoring, DFARS compliance, and IT general controls review.

Contact Info

  • OCD Tech
  • 25 BHOP, Suite 407, Braintree MA, 02184
  • 844-623-8324
  • https://ocd-tech.com

Follow Us

Videos

Check Out the Latest Videos From OCD Tech!

Services

SOC Reporting Services
– SOC 2 ® Readiness Assessment
– SOC 2 ®
– SOC 3 ®
– SOC for Cybersecurity ®

IT Advisory Services
– IT Vulnerability Assessment
– Penetration Testing
– Privileged Access Management
– Social Engineering
– WISP
– General IT Controls Review

IT Government Compliance Services
– CMMC
– DFARS Compliance
– FTC Safeguards vCISO

Industries

  • Financial Services
  • Government
  • Enterprise
  • Auto Dealerships

© 2025 — OCD Tech: IT Audit - Cybersecurity - IT Assurance

  • OCD Tech
  • About Us
  • Contact Us
Prev Next