DoD's Own Cyber Monday Deal: Releasing DFARS Cyber Enhancement Guidance
Client Alert | 1 min read | 11.27.18
Just in time for the holidays, the Defense Department published final guidance to the DoD acquisition community that details strategies to enhance existing cybersecurity requirements for Covered Defense Information (CDI) provided by the DFARS Safeguarding Clause 252.204-7012. The DoD’s guidance contains two documents that clarify how DoD will communicate their cybersecurity expectations to contractors, including where those expectations exceed what the DFARS Safeguarding Clause requires:
- Guidance for Reviewing System Security Plans (SSPs) outlines how the DoD expects to evaluate contractor SSPs, including the preferred method of meeting each NIST security control and the anticipated consequences of not yet having implemented those controls.
- Guidance for Assessing Compliance and Enhancing Protections provides objectives that requiring activities can tailor to assess contractors’ safeguarding of CDI, including how to incorporate compliance with NIST SP 800-171 and supply chain management as evaluation criteria in solicitations.
Contacts
Partner, Crowell Global Advisors Senior Director
- Washington, D.C.
- D | +1.202.624.2698
- Washington, D.C. (CGA)
- D | +1 202.624.2500
Insights
Client Alert | 5 min read | 12.02.25
As we have reported previously, California has enacted a pair of climate-related reporting laws that apply to large entities doing business in California (SB 253 and SB 261, as modified by SB 219). This alert provides an update on only the most recent events; please see previous alerts for a broader overview of the laws’ requirements.
Client Alert | 11 min read | 12.01.25
Client Alert | 5 min read | 12.01.25
Client Alert | 6 min read | 11.26.25
From ‘Second’ to ‘First:’ Federal Circuit Tackles Obvious Claim Errors
