No Post-Thanksgiving Break for Cyber – DoD and NIST Publish New Guidance

Client Alert | 1 min read | 12.01.17

Both the Department of Defense and National Institute of Standards & Technology (NIST) have put pen to paper and provided new information for contractors looking to comply with DFARS 252.204-7012 and its accompanying cybersecurity requirements under NIST Special Publication (SP) 800-171. Earlier this week, the DoD posted guidance explaining that contractors can still use system security plans (SSPs) under the original version of NIST SP 800-171 to “document implementation” under the DFARS Clause, despite that version not including SSPs as a security control requirement. Separately, NIST published a draft of NIST SP 800-171A, Assessing Security Requirements for Controlled Unclassified Information, providing guidance to both contractors and their customers regarding how to conduct assessments under NIST SP 800-171. Importantly, the draft is open to comment through December 27, 2017, providing contractors with a unique opportunity to weigh in on how their customers may ultimately judge compliance with the DFARS Clause’s security requirements.

Contacts

Michael G. Gruden
Partner
- Washington, D.C.
  - D | +1.202.624.2545
bWdydWRlbkBjcm93ZWxsLmNvbQ==
Kate M. Growley
Partner and Crowell Global Advisors Senior Director
- Washington, D.C.
  - D | +1.202.624.2698
- Washington, D.C. (CGA)
  - D | +1 202.624.2500
a2dyb3dsZXlAY3Jvd2VsbC5jb20=

Insights

Client Alert | 3 min read | 05.28.26

PFAS Regulatory Alert: EPA Rolls Back RCRA Proposed Rule on “Hazardous Waste” but Does Not Disturb Proposed RCRA Rule on PFAS

Earlier this month, the U.S. Environmental Protection Agency (EPA) withdrew a February 2024 Biden administration proposed rule, “Definition of Hazardous Waste Applicable to Corrective Action for Releases From Solid Waste Management Units,” under the Resource Conservation and Recovery Act (RCRA).[1] The withdrawn proposal would have revised RCRA corrective action regulations to expressly apply the broader statutory definition of “hazardous waste,” rather than only the narrower regulatory definition. Now, EPA is maintaining the status quo for corrective action under RCRA. However, EPA’s withdrawal of its proposed RCRA hazardous waste definition makes no mention of its corresponding proposal from 2024 to list nine per- and polyfluoroalkyl substances (PFAS) as RCRA hazardous constituents.[2] This disjointed withdrawal, while providing some certainty for regulated entities, does not resolve how EPA plans to address PFAS under the RCRA program....

Client Alert | 8 min read | 05.28.26
Texas Targets Big Tech With Wave of Suits and Investigations, Part of Nationwide Trend
Client Alert | 7 min read | 05.27.26
Colorado Hits Reset on AI Regulation: SB 26-189 Repeals and Reenacts the Colorado AI Act
Client Alert | 3 min read | 05.27.26
Don’t Get Left in the Doghouse: The Federal Circuit’s Global K9 Case and the Duty to Intervene

View All Insights