DoD's New Year's Gift: More Time to Meet Cyber Safeguarding Requirements
Client Alert | less than 1 min read | 12.30.15
On December 30, DoD issued an interim rule amending the DFARS Safeguarding Rule in several respects, including to provide contractors up to December 31, 2017, to comply with the security control requirements identified in DFARS 252.204-7012, Safeguarding Covered Defense Information and Cyber Incident Reporting, and detailed in NIST Special Publication 800-171, Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations. Despite the additional time to comply, within 30 days of contract award, contractors must still notify the DoD Chief Information Officer of any NIST SP 800-171 security requirements not yet implemented.
Contacts
Partner and Crowell Global Advisors Senior Director
- Washington, D.C.
- D | +1.202.624.2698
- Washington, D.C. (CGA)
- D | +1 202.624.2500
Insights
Client Alert | 4 min read | 04.14.26
FedRAMP Solicits Public Comment on Overhaul to Incident Communications Procedures
The Federal Risk and Authorization Management Program (FedRAMP) continues to advance its modernization agenda. On April 8, 2026, FedRAMP released RFC-0031, Updated Incident Communications Procedures for public comment. This RFC proposes replacing the current FedRAMP Incident Communications Procedures (ICP) with what FedRAMP calls “a clear set of reporting requirements … established using a modern rules-based format.”
Client Alert | 5 min read | 04.14.26
Client Alert | 4 min read | 04.14.26
Client Alert | 5 min read | 04.13.26
EU Pharma Package: Global (Orphan) Marketing Authorization Compromise Proposal
