Background - News & Events (Landing) 2016

Search NewsRoom

Advanced Search >

All Alerts & Newsletters

Forget The Showers. April Brings Flurry of New Cyber Guidance.

May 1, 2018

April has marked a busy month for those following the DoD’s approach to contractor cybersecurity. Earlier in the month, the DoD published a much-anticipated revision to their Frequently Asked Questions regarding DFARS 252.204-7012 and other cybersecurity requirements, reflecting feedback on various questions posed by industry over the past year and including new information regarding:

  • COTS and commercial items
  • Scope of covered defense information
  • Conflicts with foreign laws
  • Subcontractor flowdowns
  • System security plans (SSPs) and plans of action & milestones (POAMs)
  • Requirements for FIPS-validation, multifactor authentication, and marking
  • Cybersecurity requirements beyond NIST SP 800-171
  • Cloud service providers
  • Examples of cyber incidents
  • Guidance for small businesses
  • DCMA oversight

Then just weeks later, the DoD issued proposed guidance for evaluating contractor cybersecurity, including implementation of NIST SP 800-171. Importantly, contractors may comment on the draft guidance through May 31 – and would be well-served to familiarize themselves with the new FAQs before doing so.

For more information, please contact the professional(s) listed below, or your regular Crowell & Moring contact.

Evan D. Wolff
Partner – Washington, D.C.
Phone: +1.202.624.2615
Maida Oringher Lerner
Senior Counsel – Washington, D.C.
Phone: +1.202.624.2596
Michael G. Gruden, CIPP/G
Associate – Washington, D.C.
Phone: +1.202.624.2545