Forget The Showers. April Brings Flurry of New Cyber Guidance.
Client Alert | 1 min read | 05.01.18
April has marked a busy month for those following the DoD’s approach to contractor cybersecurity. Earlier in the month, the DoD published a much-anticipated revision to their Frequently Asked Questions regarding DFARS 252.204-7012 and other cybersecurity requirements, reflecting feedback on various questions posed by industry over the past year and including new information regarding:
- COTS and commercial items
- Scope of covered defense information
- Conflicts with foreign laws
- Subcontractor flowdowns
- System security plans (SSPs) and plans of action & milestones (POAMs)
- Requirements for FIPS-validation, multifactor authentication, and marking
- Cybersecurity requirements beyond NIST SP 800-171
- Cloud service providers
- Examples of cyber incidents
- Guidance for small businesses
- DCMA oversight
Then just weeks later, the DoD issued proposed guidance for evaluating contractor cybersecurity, including implementation of NIST SP 800-171. Importantly, contractors may comment on the draft guidance through May 31 – and would be well-served to familiarize themselves with the new FAQs before doing so.
Contacts

Partner and Crowell Global Advisors Senior Director
- Washington, D.C.
- D | +1.202.624.2698
- Washington, D.C. (CGA)
- D | +1 202.624.2500
Insights
Client Alert | 6 min read | 07.09.26
EU Steel Overcapacity Regulation: New Permanent Measure in Force from 1 July 2026
The EU’s steel safeguard under Implementing Regulation (EU) 2019/159 expired on 30 June 2026 and has been replaced by a new permanent instrument — the EU Steel Overcapacity Regulation (Regulation (EU) 2026/1384) (the Regulation”). It imposes tariff-rate quotas and an out-of-quota duty, similarly to the steel safeguard measures that expired. The out-of-quota duty has been raised from 25% to 50% to minimize the risk of trade diversion. The Regulation reduces duty-free imports of 26 categories of steel products into the EU by an average of 47% compared with the quotas under the until recently applicable safeguard measures.
Client Alert | 5 min read | 07.09.26
Made in the USA? Prove It: FTC Marks America's 250th with Crack Down on Domestic Origin Claims
Client Alert | 4 min read | 07.09.26
Client Alert | 1 min read | 07.08.26
CAS Board Publishes Final Rule Rescinding CAS 404, 408, 409, and 4117
