DoD's Own Cyber Monday Deal: Releasing DFARS Cyber Enhancement Guidance

November 27, 2018

Just in time for the holidays, the Defense Department published final guidance to the DoD acquisition community that details strategies to enhance existing cybersecurity requirements for Covered Defense Information (CDI) provided by the DFARS Safeguarding Clause 252.204-7012. The DoD’s guidance contains two documents that clarify how DoD will communicate their cybersecurity expectations to contractors, including where those expectations exceed what the DFARS Safeguarding Clause requires:

• Guidance for Reviewing System Security Plans (SSPs) outlines how the DoD expects to evaluate contractor SSPs, including the preferred method of meeting each NIST security control and the anticipated consequences of not yet having implemented those controls.
• Guidance for Assessing Compliance and Enhancing Protections provides objectives that requiring activities can tailor to assess contractors’ safeguarding of CDI, including how to incorporate compliance with NIST SP 800-171 and supply chain management as evaluation criteria in solicitations.

For more information, please contact the professional(s) listed below, or your regular Crowell & Moring contact.

Kate M. Growley, CIPP/G, CIPP/US
Partner – Washington, D.C.
Phone: +1.202.624.2698
Email: kgrowley@crowell.com

Evan D. Wolff
Partner – Washington, D.C.
Phone: +1.202.624.2615
Email: ewolff@crowell.com

Maida Oringher Lerner
Senior Counsel – Washington, D.C.
Phone: +1.202.624.2596
Email: mlerner@crowell.com

Michael G. Gruden, CIPP/G
Associate – Washington, D.C.
Phone: +1.202.624.2545
Email: mgruden@crowell.com

Download Printable PDF