The Wait Is Over: Final DFARS Safeguarding Rule Published Today

Client Alert | 1 min read | 10.21.16

Almost three years after its first iteration was published, DoD has finalized the DFARS Safeguarding Rule and corresponding DFARS clauses regarding the protection of “covered defense information” provided to or generated by defense contractors. Effective today, the Final Rule by and large reflects the same requirements of its interim versions and FAQs but with a few notable exceptions, including the definition of “covered defense information” now encompasses all forms of “controlled unclassified information” and thus aligns with the National Archive’s recent final rule, external cloud services housing covered defense information must comply with certain FedRAMP security requirements, and subcontractors must notify their primes when requesting variances from the security controls of NIST Special Publication 800-171.

Contacts

Kate M. Growley
Partner and Crowell Global Advisors Senior Director
- Washington, D.C.
  - D | +1.202.624.2698
- Washington, D.C. (CGA)
  - D | +1 202.624.2500
a2dyb3dsZXlAY3Jvd2VsbC5jb20=

Insights

Client Alert | 3 min read | 05.14.26

CISA’s “CI Fortify” Initiative Signals New Expectations for Critical Infrastructure Resilience: What Operators and Vendors Need to Know

On May 5, 2026, CISA announced CI Fortify — an initiative directing critical infrastructure owners and operators to prepare for geopolitical conflict in which OT networks are actively targeted while communications infrastructure is simultaneously degraded....

Client Alert | 4 min read | 05.14.26
No-Fly Zones for Drones: FAA Proposes New Rules Over Critical Infrastructure
Client Alert | 2 min read | 05.14.26
Proposed DFARS Rule Could Require Disclosures and Mitigation Related to Foreign Ownership, Control, and Influence (FOCI) on Certain Unclassified Contracts
Client Alert | 4 min read | 05.14.26
Supply Chain Disruption – Again

View All Insights