DoD Meets Contractors Half-Way at Industry Information Day
Client Alert | 1 min read | 06.28.17
On June 23, the Department of Defense hosted its highly anticipated Industry Information Day to respond to feedback received from the contracting community regarding last year’s finalization of DFARS 252.204-7012, Safeguarding Covered Defense Information and Cyber Incident Reporting. Top of mind for many in attendance was the looming end-of-year deadline to implement NIST SP 800-171, including its requirements regarding multifactor authentication. By the end of the session, however, DoD representatives repeatedly stated that contractors may use system security plans (SSPs) and plans of action and milestones (POAMs) to document their anticipated implementation of the required controls and thus comply with the Clause – even if the actual implementation of those controls extends beyond 2017. A revised set of FAQs is expected next month, which should provide additional details regarding this new guidance.
Contacts
Partner, Crowell Global Advisors Senior Director
- Washington, D.C.
- D | +1.202.624.2698
- Washington, D.C. (CGA)
- D | +1 202.624.2500
Insights
Client Alert | 4 min read | 11.18.25
DOJ Announces Major Enforcement Actions Targeting North Korean Remote IT Worker Schemes
On November 14, 2025, the U.S. Department of Justice (DOJ) announced a sweeping series of enforcement actions, including four guilty pleas and more than $15 million in civil forfeitures against the Democratic People’s Republic of Korea (DPRK or North Korea) for remote information technology (IT) worker schemes. These actions underscore the federal government’s escalating focus on the exposure of U.S. companies to North Korean IT worker infiltration, following a series of U.S. Government action against the DPRK.
Client Alert | 6 min read | 11.18.25
Client Alert | 2 min read | 11.14.25
Client Alert | 6 min read | 11.14.25
Microplastics Update: Regulatory and Litigation Developments in 2025
