Uncontrolled Information: DoD Audit Finds Contractor Lapses in Protecting Controlled Unclassified Information
Client Alert | 1 min read | 08.02.19
The Department of Defense Inspector General has released a much-anticipated audit report regarding the protection of Controlled Unclassified Information (CUI) on contractor networks. Begun last summer at the Defense Secretary’s request, the audits found that contractors are not consistently implementing cybersecurity standard NIST SP 800-171, despite being required to do so under DFARS 252.204-7012. The report calls particular attention to common shortcomings regarding multifactor authentication, strong passwords, vulnerability management, and removable media, among others.
The report recommends that DoD:
- Verify that contractors are identifying, responding to, and reporting cyber incidents involving CUI;
- Assess contractors’ ability to protect CUI as part of the solicitation process; and
- Validate, at least annually, that contractors are complying with their contractual cybersecurity requirements.
These recommendations are consistent with recent DoD efforts to establish a “Cybersecurity Maturity Model Certification” that would require contractors to be certified compliant with contractually-specified cybersecurity requirements to be eligible for award.
Contacts
Partner, Crowell Global Advisors Senior Director
- Washington, D.C.
- D | +1.202.624.2698
- Washington, D.C. (CGA)
- D | +1 202.624.2500
Insights
Client Alert | 3 min read | 10.15.25
On August 15, 2025, the Treasury Department and IRS released updated guidance concerning Beginning of Construction requirements to qualify for clean energy tax credits. This new guidance is critical for developers to consider as they rush to qualify for the tax credits before they expire entirely. The much-anticipated guidance followed the July 7, 2025 Executive Order 14315, Ending Market Distorting Subsidies for Unreliable, Foreign-Controlled Energy Sources (“July 7, 2025 Executive Order”), which signaled that the Trump Administration was planning to strictly enforce the termination of production and investment tax credits for solar and wind facilities that are set to expire under the One Big Beautiful Bill Act (OBBB Act), covered in more detail here. The new guidance comes at a time when many in the industry are struggling to keep up with the myriad ways that the new administration is working to roll back wind and solar tax credits, leaving developers to piece through the recent guidance to determine how best to structure and invest in clean energy projects given the volatile position of the current administration vis-a-vis wind and solar energy.
Client Alert | 10 min read | 10.15.25
Client Alert | 4 min read | 10.14.25
Client Alert | 35 min read | 10.13.25
Building Blocks of Design Law: CJEU rules on LEGO Group Modular Design Protection