1. Home
  2. |Insights
  3. |Forget The Showers. April Brings Flurry of New Cyber Guidance.

Forget The Showers. April Brings Flurry of New Cyber Guidance.

Client Alert | 1 min read | 05.01.18

April has marked a busy month for those following the DoD’s approach to contractor cybersecurity. Earlier in the month, the DoD published a much-anticipated revision to their Frequently Asked Questions regarding DFARS 252.204-7012 and other cybersecurity requirements, reflecting feedback on various questions posed by industry over the past year and including new information regarding:

  • COTS and commercial items
  • Scope of covered defense information
  • Conflicts with foreign laws
  • Subcontractor flowdowns
  • System security plans (SSPs) and plans of action & milestones (POAMs)
  • Requirements for FIPS-validation, multifactor authentication, and marking
  • Cybersecurity requirements beyond NIST SP 800-171
  • Cloud service providers
  • Examples of cyber incidents
  • Guidance for small businesses
  • DCMA oversight

Then just weeks later, the DoD issued proposed guidance for evaluating contractor cybersecurity, including implementation of NIST SP 800-171. Importantly, contractors may comment on the draft guidance through May 31 – and would be well-served to familiarize themselves with the new FAQs before doing so.


Contacts

Insights

Client Alert | 3 min read | 02.26.26

FERC Requires Refunds for Late QF Recertification

On February 19, 2026, the Federal Energy Regulatory Commission (FERC) issued Branch Street Solar Partners, LLC et al., 194 FERC ¶ 61,124 (2026) rejecting the refund reports filed in connection with the late filing of recertifications of qualifying facility (QF) status by certain affiliated companies to reflect a change in upstream ownership. FERC’s rearticulation of QF recertification timing requirements and consequences for late QF recertifications has broad and substantial implications for all QF owners. ...