
What does DFARS compliant mean?

Direct Answer

The statement “DFARS compliant” is a misnomer.

There are multiple Defense Federal Acquisition Regulation Supplement (DFARS) clauses that an organization can demonstrate compliance with. However, within cybersecurity, a claim of “DFARS compliant” can mean that an organization states it conforms to DFARS Clause 252.204-7012. This would imply that the organization stores, processes and/or transmits Controlled Unclassified Information (CUI) as part of a contract and has successfully implemented all applicable NIST 800-171 controls (up to and including a CMMC assessment).