Federal Defense Compliance Services

FLANK is the federal compliance consulting firm to turn to for a wide-range of services for primes and subs, and any other business providing services to federal agencies. The U.S. Government has aggressively stepped up many of its regulatory compliance mandates in recent years – and for good reason – as federal agencies are increasingly relying on the services of third-parties, many of which perform critical services. This in turn has resulted in strict compliance reporting for primes and subs who have to undertake annual ITAR, DFARS 800-171, FISMA, FedRAMP, FAR assessments, and more. Such procedures can be incredibly taxing and challenging – no question about it – and its why businesses are seeking highly experienced federal compliance consulting experts for assisting in such endeavors, which is exactly what FLANK offers.

DFARS 800-171

The Department of Defense (DoD) requires primes and subs to assess annually against the prescriptive DFARS 800-171 controls, which can be found in the actual NIST SP 800-171 publication. Along with putting in place all necessary controls, many of which are technical, primes and subs must also have a documented System Security Plan (SSP) in place, information security policies and procedures, security awareness and training, a completed risk assessment, and more. It can be a challenging undertaking, so do what hundreds of other DoD mandated providers are doing, and that’s downloading the DFARS NIST SP 800-171 All-in-One Toolkit today at flank.org.


The Federal Risk and Authorization Management Program, or FedRAMP, is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. FLANK provides FedRAMP scoping & readiness assessments, InfoSec policy writing in accordance with NIST SP 800-53, vendor selection for security tools as needed, and much more.


The United States government requires all manufacturers, exporters, and all other related defense entities be ITAR compliant, which carries with it sizeable compliance responsibilities. While some of the ITAR provisions are relatively straightforward, there’s also a lack of clarity and transparency when it comes to actually complying with the ITAR mandates themselves. The phrases “ITAR Certified” and “ITAR Compliance” or “ITAR Compliant” are commonly used in the marketplace, creating a sense of confusion at times as to what really constitutes compliance with the International Traffic in Arms Regulations. Keep in mind that throughout the actual ITAR regulations, the notion of “certification” is not present, nor does ITAR discuss various audits that must be undertaken.

FLANK offers comprehensive ITAR compliance consulting services for DoD contractors, ranging from ITAR scoping & readiness assessments to InfoSec policies and procedures development, internal control implementation and remediation, and much more.

10 CFR Part 810

FLANK also provides comprehensive 10 CFR Part 810 information security consulting services for organizations requiring compliance with the Department of Energy (DOE) provisions. The DOE essentially has statutory responsibility for authorizing the transfer of unclassified nuclear technology and assistance to foreign atomic energy activities within the United States or abroad. In accordance with § 57 b. (2). of the Atomic Energy Act of 1954 (AEA), persons may engage, directly or indirectly, in the production or development of special nuclear material outside the United States only upon authorization by the Secretary of Energy, with the concurrence of the Department of State (DOS) and after consulting with the Departments of Defense (DoD) and Commerce (DOC), and the Nuclear Regulatory Commission (NRC).

FLANK’s services for 10 CFR Part 810 include scoping & readiness assessments, information security policy and procedures development, remediation of deficient internal controls, and more.

FAR Regulations

The Department of Defense (DoD), General Services Administration (GSA), and the National Aeronautics and Space Administration (NASA) put forth in subpart and contract clause (52.204-21) to the Federal Acquisition Regulation that imposes a set of fifteen (15) “basic” security controls for contractor information systems for which “Federal contract information” transits or resides. The vast majority of these fifteen controls are security related, requiring the implementation of a number of security best practices, along with the creation of information security policies and procedures. FLANK can assist with all aspects of FAR compliance, from implementing security controls to developing much-needed policy documentation, and more. When it comes to a federal compliance consulting firm with years of expertise, FLANK is the name to know.

DoD Services

As stated above, FLANK offers consulting and assessment services for FISMA, DFARS 800-171, FAR, and other as needed regulatory compliance reporting for the Department of Defense (DoD). Additionally, for each of the respective DoD reporting requirements, we also offer compliance toolkits for instant download today at flank.org.