FAR vs DFARS
FAR, or the Federal Acquisition Regulation, is a comprehensive set of rules and guidelines established by the U.S. federal government to govern federal agencies' acquisition process for goods and services.
DFARS, or the Defense Federal Acquisition Regulation Supplement, is an extension of FAR focused on the Department of Defense (DoD). FAR and DFARS play a crucial role in regulating federal and defense procurement activities in the United States.
What is the Difference Between FAR and DFARS?
The primary difference between FAR and DFARS lies in their scope and focus. FAR is a comprehensive set of regulations that govern the acquisition process for goods and services across all federal agencies in the United States, ensuring consistency and fairness in procurement practices.
On the other hand, DFARS is an extension of FAR, specifically tailored to the Department of Defense (DoD) and its contractors. DFARS contains additional regulations and clauses that address unique requirements, security concerns and specific procedures within the defense industry, making it more specialized and stringent in its application than the broader FAR.
What is FAR?
The Federal Acquisition Regulation is a comprehensive set of guidelines that apply to the acquisition process for all executive agencies, including civilian agencies and agencies within the Department of Defense. As a standardized framework that outlines how government contracts are awarded and managed, the FAR covers a wide range of topics related to government contracting, including procurement, contract formation, contract administration and ethical considerations.
Learn the Basics of FAR and CAS
You’ll learn about what government contract costs can be recovered, accounting system standards and cost-specific mandates.
What is DFARS?
The Defense Federal Acquisition Regulation Supplement is an extension to the FAR that focuses specifically on the procurement and acquisition processes within the Department of Defense (DoD). While the FAR applies to all government agencies, the DFARS adds an extra layer of guidelines tailored to defense-related contracts.
The DFARS addresses defense-specific requirements, considerations and concerns that are not comprehensively covered by the FAR, including matters related to national security, classified information, intellectual property rights in the defense sector, cybersecurity requirements and more.
In the event there’s a discrepancy or conflict between FAR and DFARS provisions in a DoD contract, DFARS provisions take precedence.
Who Regulates FAR and DFARS?
The Civilian Agency Acquisition Council (CAAC) oversees the administration and regulation of the FAR as it applies to the federal government's civilian agencies — like the Department of Education, the Department of Health and Human Services and the Department of the Interior.
On the other hand, the Defense Acquisition Regulations Council (DARC) is tasked with administering and regulating the FAR for any defense-related acquisition or award. The DARC is also responsible for regulating the DFARS and ensuring that defense-related acquisitions are done safely and securely.
Who Needs to Comply with FAR and DFARS?
FAR compliance is mandatory for all vendors engaged in government contracting, whether they are working with civilian or DoD agencies. Additionally, subcontractors working under prime government contractors, procurement officers, legal teams and researchers funded through government contracts also need to adhere to FAR regulations.
In addition to needing to maintain FAR compliance, contractors and subcontractors that work with the DoD must also achieve DFARS compliance.
Do All Agencies Use FAR?
Yes, all executive federal government agencies are required to adhere to the Federal Acquisition Regulation, including both civilian and DoD agencies.
The FAR provides a standardized framework for procurement and contracting processes across the entire government ecosystem, establishing a consistent set of rules and procedures that agencies, contractors and subcontractors must follow.
While all agencies are required to guide their acquisition processes with FAR, defense agencies also need to adhere to the DFARS.
What Does it Mean to be FAR Compliant?
Government contractors that are FAR-compliant demonstrate a commitment to ethical business practices, transparency, fairness and accountability in interactions with government agencies. Contractors aim to offer competitive pricing, deliver high-quality products and services and ensure that the government is getting the best value on each project. As a result, this helps them apply for and win government contracts.
Example Steps to Prepare for FAR
Here's a general outline of the steps to help meet FAR compliance:
- Understand the FAR: Start by thoroughly studying the FAR document itself, which is available online. Familiarize yourself with the various parts, subparts, sections and clauses that may apply to your business.
- Identify applicability: Determine which parts of the FAR are relevant to your specific contracts and business activities. Not all parts of the FAR will apply to every organization or contract.
- Designate a compliance officer: Appoint someone within your organization to be responsible for overseeing FAR compliance. This individual should have a strong understanding of the FAR and its implications for your business.
- Training and education: Ensure that your staff, especially those involved in procurement and contract management, are trained on the FAR requirements and understand their responsibilities in maintaining compliance.
- Establish internal policies and procedures: Develop and document internal policies and procedures that align with FAR requirements. These should cover procurement practices, contract administration, cost accounting and ethics, among other areas.
- Compliance documentation: Maintain thorough and accurate records of all procurement and contract activities. This includes documenting decisions, communications and justifications for actions taken.
- Ethical conduct: Emphasize ethical conduct and compliance with FAR rules related to conflicts of interest, gratuities and other ethical considerations.
- Contract-specific compliance: For each federal contract, carefully review and comply with the specific FAR clauses and provisions included in that contract. Ensure that you meet all contractual obligations.
- Stay informed: Regularly monitor updates and revisions to the FAR, as regulations may change over time. It's essential to stay current with any amendments that may affect your compliance.
- Auditing and self-assessment: Conduct periodic internal audits and self-assessments to identify and rectify any compliance gaps or issues. This proactive approach helps ensure ongoing adherence to FAR requirements.
- Engage legal and compliance experts: Consider seeking legal counsel or consulting with compliance experts who specialize in federal procurement to ensure your organization's full understanding and compliance with the FAR.
- External audits: Be prepared for potential external audits by government agencies or auditors responsible for ensuring FAR compliance. Having a well-documented and organized compliance program will facilitate this process.
Example Steps to Prepare for DFARS
In addition to the above steps, here are a few additional steps specific to DFARS:
- Risk assessment: Conduct a comprehensive risk assessment to identify vulnerabilities and potential security risks within your organization, especially those related to Controlled Unclassified Information (CUI) and covered defense information (CDI).
- Implement security controls: Develop and implement the necessary security controls and practices required by DFARS to protect CUI and CDI. This may include measures such as access controls, encryption, intrusion detection and incident response procedures.
- System Security Plan (SSP): Create and maintain a System Security Plan that outlines your organization's security policies, procedures and practices in line with DFARS requirements.
- Plan of Action and Milestones (POA&M): Develop a Plan of Action and Milestones to address any security deficiencies or gaps identified in your assessment. This document should detail how and when these issues will be resolved.
- Incident response plan: Develop and document an incident response plan to address cybersecurity incidents promptly and effectively, as required by DFARS.
- Third-party assessments: Engage with third-party assessors or auditors, if required, to validate your organization's compliance with DFARS requirements.
- Continuous monitoring: Implement continuous monitoring practices to ensure ongoing compliance and to detect and respond to security threats and vulnerabilities.
- Reporting: Be prepared to report security incidents and breaches to the DoD, as required by DFARS.
Becoming FAR and DFARS compliant can be a complex and demanding process, but it is vital for organizations involved in government contracting.
Understand the FAR Changes Clause
Find out why the FAR Changes clause may be one of the most important clauses in government contracting.
Related Resources
Guide to Government Contracting
Get the information you need to successfully find win and manage government contracts.Learn More »
What is DCAA Compliance?
Learn more about DCAA compliance, and how contractors can reduce risk by avoiding and preparing for DCAA audits.Learn More »
Federal Government Contracting
Learn more about federal government contracts and where you can find them.Learn More »
Small Business Contracting
Discover how to find, win and deliver on small business government contracts.Learn More »
State & Local Contracting
Learn the basics of state and local government contracts and where you can find them.Learn More »
Types of Government Contracts
Learn about the four main types of government contracts that contractors encounter.Learn More »
Canadian Government Contracting
Learn more about the Canadian public sector market and how to find Canadian contracts.Learn More »
How to Win Government Contracts
Discover how to beat the competition and win more government contracts.Learn More »
Guide to Govcon Compliance
Learn why compliance should be top of mind for all government contractors.Learn More »
What is CMMC?
Learn more about the basics of Cybersecurity Maturity Model Certification (CMMC).Learn More »
What is ITAR Compliance?
Learn more about the International Traffic in Arms Regulations (ITAR) and who it applies to.Learn More »
Basics of FAR & CAS
Learn about the Federal Acquisition Regulation (FAR) and Cost Accounting Standards (CAS).Learn More »
What is a Teaming Agreement?
Discover how teaming agreements can help you reach your government contracting goals.Learn More »