Uncontrolled Information: DoD Audit Finds Contractor Lapses in Protecting Controlled Unclassified Information

Client Alert | 1 min read | 08.02.19

The Department of Defense Inspector General has released a much-anticipated audit report regarding the protection of Controlled Unclassified Information (CUI) on contractor networks. Begun last summer at the Defense Secretary’s request, the audits found that contractors are not consistently implementing cybersecurity standard NIST SP 800-171, despite being required to do so under DFARS 252.204-7012. The report calls particular attention to common shortcomings regarding multifactor authentication, strong passwords, vulnerability management, and removable media, among others.

The report recommends that DoD:

Verify that contractors are identifying, responding to, and reporting cyber incidents involving CUI;
Assess contractors’ ability to protect CUI as part of the solicitation process; and
Validate, at least annually, that contractors are complying with their contractual cybersecurity requirements.

These recommendations are consistent with recent DoD efforts to establish a “Cybersecurity Maturity Model Certification” that would require contractors to be certified compliant with contractually-specified cybersecurity requirements to be eligible for award.

Contacts

Michael G. Gruden
Partner
- Washington, D.C.
  - D | +1.202.624.2545
bWdydWRlbkBjcm93ZWxsLmNvbQ==
Kate M. Growley
Partner and Crowell Global Advisors Senior Director
- Washington, D.C.
  - D | +1.202.624.2698
- Washington, D.C. (CGA)
  - D | +1 202.624.2500
a2dyb3dsZXlAY3Jvd2VsbC5jb20=

Insights

Client Alert | 2 min read | 05.29.26

California Assembly Passes AB 1776, Sending Major Antitrust Bill to the Senate

California’s COMPETE Act (AB 1776) narrowly passed the California State Assembly by three votes on Wednesday and now moves to the California State Senate. The bill — introduced in March by Assembly Majority Leader Cecilia Aguiar-Curry — is modeled closely on draft legislation recommended by the California Law Revision Commission in September. AB 1776 would not only significantly expand potential liability for single-firm conduct and monopolization but, based on recent amendments, would also explicitly decouple California antitrust analysis from certain federal standards. Crowell & Moring is representing the California Chamber of Commerce (CalChamber) in monitoring, analyzing, and responding to AB 1776. ...

Client Alert | 5 min read | 05.29.26
Clover Insurance v. HHS: S.D. of Georgia Holds 20 Star Ratings Measures Unlawful
Client Alert | 3 min read | 05.29.26
Rough Seas for International Cartels: DOJ Indicts Four of the Largest Container Manufacturers and Executives for Price-Fixing
Client Alert | 3 min read | 05.28.26
PFAS Regulatory Alert: EPA Rolls Back RCRA Proposed Rule on “Hazardous Waste” but Does Not Disturb Proposed RCRA Rule on PFAS

View All Insights