DFARS (Defense Federal Acquisition Regulation Supplement)

DFARS stands for Defense Federal Acquisition Regulation Supplement, and it's the rulebook for doing business with the Department of Defense. While the FAR is the baseline for all federal contracting, DFARS adds additional DoD-specific requirements on top. Think of FAR as the foundation and DFARS as the Defense-specific requirements that strengthen that foundation.

DFARS covers everything from security requirements and facility access to cybersecurity compliance (NIST standards), cost accounting standards, subcontracting requirements, and small business reporting. If you're contracting with DoD, you must comply with both FAR and DFARS. Many DFARS requirements are more stringent than FAR requirements, making DoD contracting more complex than civilian agency contracting.

Why it matters: DFARS compliance is non-negotiable for Defense contractors. Violating DFARS requirements can result in contract termination, suspension, or debarment. DFARS also requires specific security clearances for personnel, facility security clearances, and cybersecurity certification (like CMMC—Cybersecurity Maturity Model Certification) for companies handling certain types of data.

In practice, every DoD contract incorporates DFARS clauses that spell out your obligations. Common DFARS requirements include: Federal Acquisition Regulation Supplement clauses on foreign participation, information security, and technology transfer. If you're subcontracting to a DoD prime, you must comply with DFARS even though you're not the prime contractor.

One strategic consideration: DFARS compliance costs money. You may need facility security clearances, personnel clearances, cybersecurity infrastructure, and specialized accounting systems. Smaller companies sometimes decide the DFARS compliance burden isn't worth the DoD business. Another point: DFARS is regularly updated, so staying current is essential. Changes happen frequently and can affect how you bid and perform contracts.