FAR / DFARS
The Federal Acquisition Regulation (FAR) is the primary regulation governing all US federal civilian and defense procurement. The Defense Federal Acquisition Regulation Supplement (DFARS) adds defense-specific provisions on top of the FAR for Department of Defense contracts. Together, FAR and DFARS define contract clauses, supplier qualifications, pricing rules, and compliance requirements for everything bid on SAM.gov.
Etymology / origin
The FAR was issued in 1984 to consolidate federal procurement rules under one regulation. DFARS predates the FAR and serves as the DoD-specific supplement, updated frequently to reflect defense-specific cybersecurity, supply-chain, and ITAR provisions.
Where you encounter this term
FAR clauses begin with 52.xxx-xx (e.g. FAR 52.219-14 for limitations on subcontracting). DFARS clauses begin with 252.xxx-xx. Major DFARS provisions include cybersecurity (252.204-7012 covering Cyber Incident Reporting), specialty metals (252.225-7008/7009), and the Berry Amendment for food and clothing sourcing. Suppliers bidding on US defense contracts must understand which FAR/DFARS clauses flow down to subcontractors and which trigger NIST SP 800-171, CMMC, or ITAR compliance obligations.
Example — from the WULFRN database
WULFRN's US defense records (3,305 verified) ingest DoD contracts that flow under FAR/DFARS. Foreign suppliers tracking US opportunities must read both regulations alongside contract-specific terms.
Related glossary terms
- SAM.gov (System for Award Management)US federal government's official procurement portal, the single source for US Department of Defense contracting opportunities.
- Foreign Military Sales (FMS)US government-to-government defense sales programme, administered by DSCA — non-US allies' primary path to US-made defense equipment.
- International Traffic in Arms Regulations (ITAR)US regulations controlling the export of defense articles and services on the US Munitions List — a core compliance constraint for all US-touched defense work.
- IL5 / FedRAMPUS federal cloud authorization tiers — FedRAMP for general federal civilian and IL5 for DoD's highest unclassified workload tier.
Continue reading on WULFRN
Frequently asked questions
What is the difference between FAR and DFARS?
FAR (Federal Acquisition Regulation) is the primary regulation governing all US federal procurement, civilian and defense. DFARS (Defense Federal Acquisition Regulation Supplement) adds defense-specific provisions on top of the FAR for Department of Defense contracts. Defense suppliers must comply with both simultaneously.
Which DFARS clauses matter most for cybersecurity?
DFARS 252.204-7012 (Safeguarding Covered Defense Information and Cyber Incident Reporting) is the central cybersecurity clause, requiring NIST SP 800-171 compliance. DFARS 252.204-7019, 7020, and 7021 add CMMC certification requirements that are progressively rolling out across the DoD supplier base.
Do non-US suppliers have to comply with FAR/DFARS?
Yes, for any US federal or DoD contract they bid on or subcontract under. Flow-down clauses extend FAR/DFARS obligations through prime contractors to foreign subcontractors. This is one reason non-US defense suppliers often pursue Foreign Military Sales (FMS) contracts instead, which use government-to-government procurement and absorb some FAR/DFARS overhead.