1. Home
  2. |Insights
  3. |Forget The Showers. April Brings Flurry of New Cyber Guidance.

Forget The Showers. April Brings Flurry of New Cyber Guidance.

Client Alert | 1 min read | 05.01.18

April has marked a busy month for those following the DoD’s approach to contractor cybersecurity. Earlier in the month, the DoD published a much-anticipated revision to their Frequently Asked Questions regarding DFARS 252.204-7012 and other cybersecurity requirements, reflecting feedback on various questions posed by industry over the past year and including new information regarding:

  • COTS and commercial items
  • Scope of covered defense information
  • Conflicts with foreign laws
  • Subcontractor flowdowns
  • System security plans (SSPs) and plans of action & milestones (POAMs)
  • Requirements for FIPS-validation, multifactor authentication, and marking
  • Cybersecurity requirements beyond NIST SP 800-171
  • Cloud service providers
  • Examples of cyber incidents
  • Guidance for small businesses
  • DCMA oversight

Then just weeks later, the DoD issued proposed guidance for evaluating contractor cybersecurity, including implementation of NIST SP 800-171. Importantly, contractors may comment on the draft guidance through May 31 – and would be well-served to familiarize themselves with the new FAQs before doing so.


Insights

Client Alert | 8 min read | 07.16.25

The New EU “Pharma Package”: The transferable exclusivity voucher—A comparison of Commission/Parliament/Council positions

In our first alert in this weekly series on the EU Pharma Package we provided some important background and general information about the status of the Pharma Package and how the trilogues work, and in the second alert we discussed the proposed changes to regulatory data protection....