1. Home
  2. |Insights
  3. |Uncontrolled Information: DoD Audit Finds Contractor Lapses in Protecting Controlled Unclassified Information

Uncontrolled Information: DoD Audit Finds Contractor Lapses in Protecting Controlled Unclassified Information

Client Alert | 1 min read | 08.02.19

The Department of Defense Inspector General has released a much-anticipated audit report regarding the protection of Controlled Unclassified Information (CUI) on contractor networks.  Begun last summer at the Defense Secretary’s request, the audits found that contractors are not consistently implementing cybersecurity standard NIST SP 800-171, despite being required to do so under DFARS 252.204-7012.  The report calls particular attention to common shortcomings regarding multifactor authentication, strong passwords, vulnerability management, and removable media, among others.

The report recommends that DoD:

  • Verify that contractors are identifying, responding to, and reporting cyber incidents involving CUI;
  • Assess contractors’ ability to protect CUI as part of the solicitation process; and
  • Validate, at least annually, that contractors are complying with their contractual cybersecurity requirements.

These recommendations are consistent with recent DoD efforts to establish a “Cybersecurity Maturity Model Certification” that would require contractors to be certified compliant with contractually-specified cybersecurity requirements to be eligible for award.

Contacts

Insights

Client Alert | 4 min read | 07.07.26

At Long Last, DoW Signals Rule Implementing PCB Prohibition and Commercial Exemptions

On July 2, 2026, the Department of War (DoW) issued an Advance Notice of Proposed Rulemaking (ANPR) setting out a framework to implement the prohibition on acquisition of covered printed circuit boards (PCBs) from “covered nations”—North Korea, China, Russia, and Iran—enacted under sections 841 and 851 of the National Defense Authorization Acts (NDAAs) for Fiscal Years 2021 and 2022, respectively, and codified at 10 U.S.C. § 4873.  DoW invites industry to respond to specific questions and provide comments on the ANPR by August 31, 2026....