Skip to Content
Technical Excellence in Government Contracts
and Construction Matters Since 1893.
Oles Morrison

The DoD Is Watching Contractor Cyber Security Compliance: DoD Will Use the Defense Contract Management Agency to Audit Contractors’ Supply Chain Compliance with the DFARS Safeguarding Clause

By on March 12, 2019 | Posted in Cybersecurity

2018 was another banner year for government contract cybersecurity requirements.  Reports separately released by OMB and MITRE suggest that risks for cyber intrusions remain as prevalent as ever, if not more so.  Accordingly, dozens of statutory, regulatory, and agency guidance memoranda on this critical subject were released in 2018 and more are expected to come in 2019, and beyond, as those measures are fleshed out for further development and implementation.

One of these more significant developments is the Department of Defense’s (DoD) increased emphasis on maintaining supply chain integrity for cybersecurity risks.  In this regard, the DFARS Safeguarding Clause 252.204-7012, which applies in all DoD procurements, governs the protection of covered defense information provided to or generated by defense contractors.  In particular, the Clause requires contractors that access covered defense information to take precautions to protect this information.  It also requires that contractors who access this information report cyber incidents, submit malicious software to the Department of Defense Cyber Crime Center, and facilitate a damages assessment in the event of a cyber incident.  The Clause also defines covered defense information to be unclassified controlled technical information or other information marked as such in the contract, or collected, developed, received, transmitted, used, or stored on behalf of the contractor in support of the performance of the contract.

DoD Cyber Security Rules Took Effect for Contractors Dec. 31, 2017

By on January 18, 2018 | Posted in Cybersecurity

Federal government contractors, grantees and those with cooperative agreements may find themselves in possession of (or handling) government information which the U.S. Department of Defense (DoD) considers to be sensitive or confidential but not considered “classified.” On Dec. 31, 2017, in accordance with DFARS 252.204-7012 the National Institute of Standards and […]