Navigating DFARS Compliance in HPC

If your company works with the Department of Defense (DoD), you may be familiar with the requirement to protect Controlled Unclassified Information (CUI) under DFARS 252.204-7012. While CUI isn’t classified, it’s still highly sensitive information that must be safeguarded. The DoD labels various documents with the “CUI” marking, which can cover a wide range of information, including personally identifiable information (PII), sensitive financial data, and controlled technical details. If you’re in the Defense Industrial Base (DIB), you might come across CUI in your work, especially if you’re using high-performance computing (HPC) for projects tied to national defense or other sensitive research.

How Rescale Helps Protect CUI Data

At Rescale, we understand the importance of protecting CUI data. That’s why we’ve designed our platform with built-in safeguards to complement your company’s existing NIST SP 800-171 compliance efforts. This standard helps you manage and protect CUI data within nonfederal systems and organizations. Plus, Rescale is the only full-stack HPC platform that’s FedRAMP authorized, meeting the highest standards for security and compliance. Check us out in the FedRAMP Marketplace.

What Is NIST SP 800-171?

NIST SP 800-171 outlines the requirements to protect CUI, ensuring defense contractors demonstrate adequate security measures for their contracts with the DoD. This standard is a must for organizations in the federal supply chain, including those supporting agencies like NASA or the General Services Administration (GSA). For Rescale, this means our FedRAMP-authorized offering meets all the necessary security requirements to protect controlled unclassified government information.

Understanding DFARS and Its Role in CUI Protection

DFARS stands for Defense Federal Acquisition Regulation Supplement. This regulation governs all DoD contracts and ensures the delivery of high-quality goods and services. Specifically, DFARS 252.204-7012 (introduced in 2017 and revised in 2024) requires contractors to safeguard Covered Defense Information (CDI) and report any cyber incidents.

The Cybersecurity Maturity Model Certification (CMMC): How It Relates to DFARS

The Cybersecurity Maturity Model Certification (CMMC) was created to verify that defense contractors are in compliance with existing protections for federal contract information (FCI) and CUI. CMMC ensures adherence to both DFARS 252.204-7012 and NIST SP 800-171, verifying contractors’ security practices through self-assessments and third-party evaluations. Unlike DFARS, which allows companies to monitor their own systems, CMMC involves assessments by Third-Party Assessment Organizations (3PAOs) to determine compliance with various maturity levels.

How Rescale Meets CMMC and DFARS Requirements

The Cybersecurity Maturity Model Certification (CMMC) verifies “that defense contractors are compliant with existing protections for federal contract information (FCI) and controlled unclassified information Rescale’s platform is designed with security and compliance at its core. Whether you’re processing sensitive DoD data or running research on advanced computational workflows, Rescale provides the tools you need to meet strict CMMC and DFARS standards.

Our platform delivers end-to-end security with comprehensive controls for data protection, access management, and cybersecurity. From user authentication to continuous monitoring, we ensure your data is secure at every step of the process.

Key DFARS Requirements for Data Protection

DFARS 252.204-7012 mandates that contractors implement a robust cybersecurity program. This includes:

• Protection of data from unauthorized access, misuse, or destruction
• Proper training for personnel and contractors with access to DoD data
• U.S. citizen-only access for those working with DoD systems
• Risk assessment and management strategies • Audit and accountability measures to ensure data protection

Rescale’s Approach to DFARS Compliance

To help our customers stay compliant, Rescale conducts annual third-party audits and maintains our ISO 27001 certification, ensuring we meet international standards for information security management. This is just one of the ways we ensure our customers can trust us to handle their sensitive data.

Conclusion: Trust Rescale to Safeguard Your HPC Environment

Protecting your high-performance computing environment is crucial for maintaining the integrity, confidentiality, and availability of sensitive data. With Rescale’s platform, you gain not only powerful computational capabilities but also a trusted partner committed to securing your data at every level.

Want to dive deeper into HPC security? Download our security and compliance handbook to learn more about how Rescale helps you stay compliant with industry standards.