Forget The Showers. April Brings Flurry of New Cyber Guidance.
Client Alert | 1 min read | 05.01.18
April has marked a busy month for those following the DoD’s approach to contractor cybersecurity. Earlier in the month, the DoD published a much-anticipated revision to their Frequently Asked Questions regarding DFARS 252.204-7012 and other cybersecurity requirements, reflecting feedback on various questions posed by industry over the past year and including new information regarding:
- COTS and commercial items
- Scope of covered defense information
- Conflicts with foreign laws
- Subcontractor flowdowns
- System security plans (SSPs) and plans of action & milestones (POAMs)
- Requirements for FIPS-validation, multifactor authentication, and marking
- Cybersecurity requirements beyond NIST SP 800-171
- Cloud service providers
- Examples of cyber incidents
- Guidance for small businesses
- DCMA oversight
Then just weeks later, the DoD issued proposed guidance for evaluating contractor cybersecurity, including implementation of NIST SP 800-171. Importantly, contractors may comment on the draft guidance through May 31 – and would be well-served to familiarize themselves with the new FAQs before doing so.
Insights
Client Alert | 4 min read | 09.20.24
Department of Commerce Unveils New Tool to Inform Supply Chain Risk Mitigation
The U.S. Department of Commerce unveiled a groundbreaking analytic risk assessment tool to inform the U.S. government’s efforts in mitigating supply chain risks. Launched at the inaugural Supply Chain Summit hosted by the Department of Commerce and the Council on Foreign Relations on September 10, 2024, the SCALE Tool marks a significant milestone in the U.S. government’s broader commitment to strengthening the U.S. supply chain ecosystem.
Client Alert | 3 min read | 09.13.24
Client Alert | 12 min read | 09.13.24
Tri-Agencies Finalize NQTL Comparative Analysis Standards in Final Rule
Client Alert | 5 min read | 09.11.24